Two factor authentication within Coupa Supplier Portal

Solution Properties

Solution ID:

230530114949700

Last Modified Date:

Tue Feb 03 14:17:57 UTC 2026

Taxonomy Path:

Finance - Supplier//New Connections

Author:

vi1795

Two factor authentication within Coupa Supplier Portal

Supplier Actions

Overview

To protect supplier account information and minimise security risks to your organisation and JLP, Two-factor authentication has been introduced to the Coupa Supplier Portal. This means as well as logging in with a password, you may also be asked to provide a code sent via text message or app.

The actions below will help you to setup two-factor authentication, so that you are still able to access and make changes to your account with JLP through the Coupa Supplier Portal.

Actions

There are a couple of different ways to manage two-factor authentication on your Coupa Supplier Portal account, please follow the steps below to select a default option for when Two-factor authentication is triggered and how you will receive the notification.

Login to Coupa Supplier Portal
Navigate to My account
On the left hand side menu select Security and two-factor Authentication
Please select an option for when two-factor authentication should be triggered:
1. Only for payment changes only (required for changing Legal Entity or Remit-to)
2. For every login to Coupa Supplier Portal and payment changes
  Note: Two factor authentication is required for payment changes but can also be added everytime you login.
You will then need to select how you would like to receive your two-factor authentication notification:
Via Authenticator App:
From your smart phone, you will need to download an authenticator app. There are several free apps that can be used, please go to the App Store or Google Play to download:
- Google Authenticator
- Twilio Authy
- Authenticator App Authy 2FA

Via Text Message:
Provide your mobile number and receive a code via text message (SMS charges may apply)

Next Steps: If you selected Authenticator App

From the My Account menu, Select App Selection on the left hand side menu
Follow the on screen instructions and Open the Authenticator App you have downloaded
Select add or + on your Authenticator App to scan the QR code on screen.
Please print the QR code or email a copy to yourself as you will need this if you change your mobile device in the future.
Note: You can only use a recovery code once, so refresh your list if you have to use a recovery code. Go to Account Settings > Security & Two-Factor Authentication and click Regenerate Recovery Codes to get a new list of codes.
Once scanned, you should receive a code on your phone, enter this into the box and press Enable
You should then Open the Authenticator App each time two-factor authentication is requested on Coupa Supplier Portal

Next Steps: If you have chosen Text Message

From the My Account menu, Select Notification Preferences
Enter and validate your mobile phone number
Enter the verification code that appears in the pop up window
You will then receive a text message each time two-factor authentication is requested on Coupa Supplier Portal
Note: SMS charges may apply to these messages

Coupa Supplier Portal Security Best Practices and FAQs

Obtained directly from Coupa Compass website any queries surrounding the below, should be directed to Coupa.

To reduce the security risks to your account and organization, review the following security best practices:

Enable two-factor authentication: Two-factor authentication (2FA) can be enforced for all user logins, in addition to payment account updates such as changes to your legal entity, remit-to, and bank account information
Verify and monitor your account: Verify periodically that your account payable information has not changed. If multiple users can access your CSP account, verify that account details are up to date. Contact us JLP immediately if you suspect any unauthorized use of your CSP account.
Add multiple users to your account: Other CSP users can be notified of transactions. This visibility can protect your account in case your email, password, or device is compromised. It also ensures that your company account persists after you or other users leave your organization.
Use strong passwords: As currently required on the CSP, use strong and unique passwords for every account. Password managers, for example, LastPass or Dashlane, can make it easy.
Do not share passwords or verification codes: Coupa will never ask you to share password or 2FA information. As a general rule, you should not share sensitive account credentials (usernames, passwords, 2FA codes, or recovery codes) with anyone.
Protect your email and cloud accounts: Your email account can be compromised and taken over by malicious actors. You should consider enabling 2FA or biometrics on all your accounts. Protect your online data storage accounts (for example, iCloud) with the same steps. Review security settings to confirm you have optimized your account safety.
Secure your devices: Always keep your software up to date. Protect your mobile phone number by asking your provider to enable a SIM or device lock.
Use good judgment: The most effective way to protect yourself against scams like phishing is good judgment and common sense. If any offer sounds too good to be true, it probably is. It is okay to question, refuse, or ignore requests — only scammers will try to rush or panic you.
Train your users regularly on security: Train your users on organization controls and raise awareness of phishing attack prevention.

What is two-factor authentication?

Two-factor authentication (2FA) makes it hard for someone else to get into your CSP account, even if they have your password.

If you try to log in from a device that we don’t recognize, for example, a computer from which you have never logged in to the CSP before, we ask you to enter a verification code (the second factor) to make sure it is really you. This verification code is generated by your authenticator app or sent in a text message to your mobile phone.

This way, if someone else is trying to log in to your account, they won’t get the code, which could stop them from accessing your account.

Why should I use two-factor authentication?

The security of your transactions is Coupa's top priority. The continuous improvements to the CSP help keep your accounts and data safe. Adding two-factor authentication (2FA) to your account increases its security.

2FA is mandatory with sensitive payment accounts to increase the security of your payment settings in Coupa.

How does two-factor authentication work?

Two-factor authentication (2FA) increases security beyond simply having a password. Once 2FA is turned on, you can use your Coupa password and a verification code every time you need to change your payment account settings. The verification code is the “two-factor authentication” piece. Verification codes can be generated from your authenticator app (preferred) or sent in a text message to your registered mobile phone.

Which two-factor authentication method is recommended?

Two-factor authentication (2FA) through an authenticator app, for example, Google Authenticator, Twilio Authy, or Microsoft Authenticator Authy, is the preferred method. You can download one of these apps for free from the Apple App Store or Google Play. SMS (text message) is a secondary method supported by Coupa. (SMS rates may apply.)

Is two-factor authentication mandatory?

Two-factor authentication (2FA) is mandatory with CSP payment accounts. 2FA is not mandatory with the other features of the CSP.

Which payment account updates require two-factor authentication?

Sensitive account updates, namely changes to your legal entity, remit-to, and bank account information require two-factor authentication (2FA).