Skip to main content

Foundry: Multi-Factor Authentication

Help to safeguard your transaction and business-critical data while meeting security best practice and compliance requirements through MFA.

Rebecca Clever avatar
Written by Rebecca Clever
Updated yesterday

Product: Foundry platform, Transaction Manager, Account Management, Pulse

Article link: https://help.truecommerce.com/en/articles/11106341-foundry-multi-factor-authentication

With security ever-increasing for web-based software, policies for businesses include expectations for working within secure environments. To address the security needs of its customers, TrueCommerce offers Multi-Factor Authentication (MFA) as a core security feature.

What is Multi-Factor Authentication?

When you log in to Foundry, you are proving that you are who you say you are. Traditionally, that has been accomplished with a username and a password, which TrueCommerce has made more secure with Multi-Factor Authentication (MFA).

Most online services--banks, social media, shopping, and other sites--have added a way for your accounts to be more secure. You may also hear MFA referred to as "Two-Step Verification," but it is the same idea, providing for greater protection of sensitive information and a secure login experience. When you sign into the TrueCommerce Foundry platform for the first time on a new device or application (like a web browser), you need more than just the Username and Password. You need to provide an additional "factor" to prove who you are, like a Time-Based One-Time Password (TOTP) code that you then input to confirm it is, in fact, you.

MFA enablement by Administrator

Administrator users can enable or enforce MFA across their organization and monitor enrollment status. They can also reset the MFA settings for locked-out, non-Administrator end users.

IMPORTANT: Administrators must take the initial steps to enable MFA for their organization, as it will not be automatically activated for every customer.

To activate it for your team, follow the steps under MFA for Roles, below. Note that the MFA for Roles section assumes that Roles and their Permissions have already been established for your organization within the Foundry platform.

MFA for Roles

Administrators can follow these steps to enable MFA within Foundry for Roles across their organization:

  1. Within Foundry, click on your name in the top right of the screen, then select Settings > Security > Users and Roles.

  2. On the Users and Roles page, click the Roles tile.

  3. The Roles page displays with all of the organization-wide role Descriptions. To Enable MFA for all users, select the 'Everyone' role by clicking on its row to highlight it.

  4. On the Edit Role page, click the Edit button and select "Enabled" from the MFA drop-down under the General tab, then click the Submit button.

  5. Back on the Roles page, the MFA Enabled column will show that each role has Inherited the settings (Permissions) established for it from 'Everyone'.

  6. To change the MFA Enabled setting for any individual role, click on the specific role row that you want to modify, then click Edit to open it and establish its MFA setting (Inherited, Enabled, or Disabled).

  7. Make your changes under the General tab, then click Submit.

MFA for Users

Administrators can follow these steps to enable MFA within Foundry for Users in their organization:

  1. Within Foundry, click on your name in the top right of the screen, then select Settings > Security > Users and Roles.

  2. On the Users and Roles page, click the Users tile.

  3. The Users page displays with all Users in your organization. The MFA Enabled column will show which users are Enabled, Disabled, or Inherited for MFA.

    Note that a Disabled (or locked) user will display with a red x indicator next to their name on the Users page.

  4. Click on a specific user, then click Edit to open their user card and establish their MFA setting.

  5. Make your changes under the General tab, then click Submit.

NOTE: If a user's account is locked, an Administrator can check that user's box on the User's page to select it, then click the Unlock User button. The user should then be able to log in with MFA.

The End User experience

The End User (non-Administrator) in Foundry can provide their email address to receive a one-time authentication code or scan a QR code via an Authenticator app on their electronic device to log in to Foundry for the first time with MFA. End users can also provide updates to their phone number, generate backup Authentication codes if needed, or rescan a QR code if they switch devices.

Login and Setup: Configuration and Enrollment

If your Administrator has enabled MFA on your profile, you will log in normally and be directed to the MFA screen as an extra step before signing in to the Foundry platform.

NOTE: Information, such as your email address and phone number, is already in the system if you have been added as a user within Foundry. You will be presented with an option to utilize email or an Authenticator application (such as those provided by Microsoft or Google, among others) to receive an authentication code to sign in to Foundry.

If you check the Remember me on this device box, you will need to clear your web browser cookies in order to get it to display again, if needed.

Authentication via emailed or text message code

If you are an end user who wants to log in to Foundry with MFA via emailed or text message code, follow these steps:

  1. Enter your Username and Password on the Foundry Sign In screen, then click Login.

  2. The very first time that you login, you must select either SMS or Email, even if you prefer to use the Authenticator app. Select the method by which you would like to receive your MFA verification code, then click the blue Email or SMS Text Message to confirm button.

  3. The Additional Login Verification screen will display with a five-minute countdown initiated to enter your emailed or text messaged authorization code.

  4. Navigate to your email Inbox to view the "Verify your account by email" or view your device for your text message from TrueCommerce.

  5. Copy and paste (or manually enter) the emailed code into the 'Enter Code' field on the TrueCommerce Additional Login Verification screen, then click Submit to login.

Authentication via Authenticator app

Each user who wants to use an Authenticator application will need to set up their desired application. Follow the instructions in your chosen Authenticator application to perform its setup. You can you use any TOTP-protocol compliant application (such as Google Authenticator, Microsoft Authenticator, among others).

Once you have verified your account by either email or SMS text message code, follow these instructions to select and use your Authenticator app:

  1. Enter your Username and Password on the Foundry Sign In screen, then click Login.​

  2. ​Your MFA Value can be found by navigating to Settings > My Profile > General in the top-right of the Foundry screen.

  3. At the bottom of that screen, click Generate Secret Key (or if no QR code is there, click that button).

  4. Scan the QR code with your device, then set it up in your TOTP Authenticator App.

  5. Click Save.

6. When you sign in the next time to Foundry, select Authenticator App, then click the Login button.

Did this answer your question?