The safety of our platform and of our users has always been one of our top priorities, which is why we keep on strengthening and improving the user authentication process for both the vendor and the buyer users registered on SupplHi.
The decision to strengthen the multi-factor authentication process is a testament to SupplHi’s commitment to cybersecurity and data protection, as already demonstrated through the ISO certifications the company has obtained over the years. Users – both vendor users and buyer users not implementing the Single Sign On integration – are granted access to the SupplHi platform only after they successfully present the two different factors required by the authentication mechanism: first they demonstrate their knowledge by inserting their credentials (username and password) on the SupplHi login page, then they demonstrate both possession and inherence – three distinctive elements of multi-factor authentication – by inserting the one-time code generated by the authenticator app installed on their device.
SupplHi recommends two different third-party authenticator (TPA) apps to enable the two-factor process: Google Authenticator and FreeOTP, both available on Google Play Store as well as on the Apple App Store.
Below we report in detail all the steps required by the authentication process. A concise guide for vendor users can be downloaded here.
The first access with the multi-factor authentication process
The first time users access the platform, they will have to follow the steps below:
1. DOWNLOAD THE AUTHENTICATION APP ON THE MOBILE DEVICE.
On their mobile phone, users should open the app store and download one of the recommended authentication apps: Google Authenticator or FreeOTP. The authentication apps do not require logging in or creating an account; the only action that might be required is to allow the app access to the mobile phone’s camera.
2. INSERT CREDENTIALS ON SUPPLHI
In their browser of preference, users should open SupplHi (https://vendor.supplhi.com/), insert their username and password – verifying that the password respects SupplHi’s standard password policy – and click “sign in”.
A quick reminder on SupplHi’s standard password policy: all passwords must contain at least 8 characters, 1 uppercase character, 1 lowercase character, 1 numeric character and 1 non-alphanumeric character. Moreover, they must not be the same as the previous 5 passwords or be attributable to personal data. Finally, the maximum duration of a password is 180 days, after which users are prompted to change the password before they can access the platform.
3. SCAN THE QR CODE (AND RENAME THE CONNECTION)
After users insert their credentials, the following page shows a QR code that they must scan using the authentication app they downloaded on their mobile phone.
SupplHi recommends renaming the connection created through the QR code, to facilitate future accesses to the platform.
In case the user cannot scan the QR code (camera not working, cannot connect…), the platform generates a code that the user can add manually in the app, which then automatically generates the connection.
4. INSERT THE ONE-TIME CODE
After the user scans the QR code, a one-time code appears on the app for the user to type in the dedicated field on the sign-in page. Once the code has been typed in, the user can click on “Submit” and complete the first access authentication procedure.
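What the QR code and the manually entered code in steps 3 and 4 carry, shown as an added example that is not SupplHi's code. It assumes standard time-based one-time passwords (RFC 6238) with the Google Authenticator defaults (SHA-1, 6 digits, 30-second step), which this page does not state; the secret, account, issuer and function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, urlparse

# Constructed sample secret (the RFC 6238 test key), never a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

def provisioning_uri(secret_b32, account, issuer):
    """Text a sign-in page would encode in the QR code (otpauth key URI format)."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

def secret_from_uri(uri):
    """What the authenticator app extracts when it scans the QR code."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    return parse_qs(parsed.query)["secret"][0]

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 code for Unix time `now`; app and server run this same function."""
    cleaned = secret_b32.replace(" ", "").upper()   # manual entry may add spaces
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(now) // step)   # index of the 30-second slot
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, now, window=1, step=30):
    """Server side: accept the current slot plus/minus `window` slots of clock drift."""
    if not (code.isascii() and code.isdigit()):
        return False
    return any(hmac.compare_digest(totp(secret_b32, now + d * step, step), code)
               for d in range(-window, window + 1))

if __name__ == "__main__":
    uri = provisioning_uri(SAMPLE_SECRET, "user@example.com", "ExampleIssuer")
    scanned = secret_from_uri(uri)                  # QR path
    typed = " ".join(SAMPLE_SECRET[i:i + 4] for i in range(0, 32, 4)).lower()
    print(uri)
    print(totp(scanned, 59), totp(typed, 59))       # same code from either path
    print(verify(SAMPLE_SECRET, totp(scanned, 59), now=89))
```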
After the first access
After setting up the multi-factor authentication process, users will be requested to insert their credentials and the one-time code generated by the authentication app on their mobile device every time they want to log into the SupplHi platform.
If you have any questions on the multi-factor authentication process implemented in SupplHi, you can contact us through the dedicated ticketing system within the platform or send us an email at firstname.lastname@example.org.