1. MineralTree | Support
  2. Administrator
  3. Security

Two-factor Authentication (2FA) Guide

Audience: ERP Admin, IT Admin, MineralTree Admin, Accounting Manager

Summary: Reviews MineralTree's two-factor authentication functionality and setup for SMS, Voice, and Authenticator App (for AM users and login only)

Topics covered: 

What is Two‑Factor Authentication (2FA)

Two‑factor authentication adds an extra layer of security during login and payment release. To reduce fraud risk, companies must enable one or both features. Security settings are managed at the role level (Accounting Manager and Payment Authorizer).

2FA is also required when users reset passwords and whenever an administrator accesses the Customer Administrator Application.

Delivery methods supported:

  • Authenticator App (Accounting Managers, login only)
  • SMS message
  • Voice call

 

Getting Set Up with 2FA

Authenticator Application

An authenticator app generates a 6‑digit code every 30 seconds from a shared secret key. It is not tied to your phone number or SIM, making it more secure. MineralTree recommends Google Authenticator or Authy.

Note: Authenticator apps are currently supported only for Accounting Managers and only for login, not payment release.

 

Setting up Authenticator App

Initial setup occurs during implementation:

  1. Click your initials > Company Profile.
Screenshot 2025-11-24 at 2.26.02 PM.png
  1. Select Set Up Authenticator.
Screen_Shot_2022-01-11_at_10.34.57_AM.png
  1. Scan the QR code with your authenticator app.
Screen_Shot_2022-01-11_at_10.35.23_AM.png
  1. Enter the 6‑digit code from the app.

Auth.jpeg

  1. Click Submit.

42dbff94-7ef8-42b7-a006-5863608197a9.png

You'll be taken back to the Company Profile page, and MineralTree will be added to your Authenticator accounts on your device. At login, you can select this option.

Administrators can later adjust settings in the Customer Administrator Application > Company Settings.

 

Setting Up 2FA for Login and Payment Release

The Two Factor Authentication section on the Security Tab determines whether two-factor authentication codes will be sent during user login, and whether users must enter a code when releasing payments. Approver in this case refers to the Payment Authorizer. 

In the example below, users with the Approver role and the Accounting Manager role will be prompted to provide a security code during login.

Screenshot 2025-12-11 at 2.45.08 PM.png

Verification is required only from the last person handling the payment. If you have a Payment Authorizer ("Approver"), they will be prompted to enter a security code when they submit a payment. If you do not have a Payment Authorizer, the Accounting Manager should have it enabled if you want to utilize this security feature.

Screen_Shot_2020-06-26_at_4.58.24_PM.png

Take a look at the two Scenarios below to further your understanding!

 

Scenario A

  • Two Factor Payment Verification: Enabled for Payment Authorizer (Approver) and Accounting Manager
  • Payment Authorization Threshold: $50
  • Payment Amount: $10
  • Result: The Accounting Manager must verify two factor authentication because the Payment Authorizer will not receive the payment in their queue because $10 < $50 threshold.

Scenario B

  • Two Factor Payment Verification: Enabled for Payment Authorizer (Approver) and Accounting Manager
  • Payment Authorization Threshold: $50
  • Payment Amount: $100

  • Result: The Payment Authorizer must verify two factor authentication because the Accounting Manager will not need to verify as $100 > $50 threshold.

     

2FA Delivery Preferences

Users can choose SMS, Voice, or Authenticator App.

  • At login, click Change Security Method.
  • Select your preferred option.

Screen_Shot_2022-01-11_at_10.20.36_AM.png

authapp.png

 

Troubleshooting 2FA

Change Phone Number 

Administrators can update a user’s 2FA phone number:

1. Go to Settings > Manage Company Settings

2. Open Manage Users tab

3. Select the user you wish to change

4. Change their phone information and delivery preferences (SMS or Voice)

Screen_Shot_2019-03-11_at_10.36.35_AM.png

 

Not receiving your 2FA code?

Try these steps:

  1. Switch from SMS 2FA to voice 2FA

When you reach the 2FA prompt, click Change Security Method.

Screen_Shot_2022-01-11_at_10.20.36_AM.png

Click into the dropdown menu, choose a Voice option, and click Save.

authapp.png

Why does this happen/work?

When MineralTree sends a 2FA code by SMS, it has to go through your mobile carrier’s network. Sometimes that network is busy or has issues, which can delay or block the message. We see this most often with certain carriers like T-Mobile or Verizon in specific areas. These problems usually clear up within a day.

Voice 2FA uses a different system, so switching to it can help you get your code faster.

Fortunately, these issues are typically isolated to just SMS transmission, hence allowing you to bypass the issue by switching to voice 2FA.

  1. Check your phone's blocklist for MineralTree's 2FA numbers

How you check your blocklist depends on your phone. If you're using a smartphone, use the links below for help:

Once you find your blocklist, look for these numbers and unblock them if needed:

  • (855) 718-0245
  • (855) 767-0169
Why does this happen/work?
  • Sometimes our 2FA numbers get blocked by accident, either by the user or automatically by the phone or carrier. Many users don’t remember blocking us, but it still happens. Unblocking these numbers can fix the issue.

  1. Restart your phone

Turn your phone off and then back on again.

Why does this happen/work?
  • Restarting your phone resets some settings that might be causing the problem. It doesn’t always solve the issue, but if the other steps don’t work, it’s worth trying.

 

FAQs

What is 2FA?

Two-factor authentication (2FA) adds an extra layer of security to your account. It makes it harder for unauthorized users to access your data, even if they have your password. 2FA is also called two-step verification or multi-factor authentication.

How does 2FA protect you?

2FA helps keep your account secure in several ways:

  • Stops password-only attacks: If someone steals or guesses your password, they still can’t log in without the second step.
  • Blocks unauthorized access: 2FA makes it harder for attackers to access your devices or accounts.
  • Reduces fraud: A second step, like a one-time code sent to your phone, helps prevent account takeovers. Microsoft reports that 2FA can stop up to 99.9% of account attacks.

Can I turn off 2FA?

No. Because MineralTree handles sensitive financial data, 2FA is required for all Accounting Managers. It’s a key part of keeping your account secure. Payment Authorizers are also required to use 2FA at the time of payment release.

Starting Wednesday, October 16, 2024, 2FA is mandatory for all Accounting Managers.

Is 2FA new in MineralTree?

No. 2FA has been available for some time, but it was optional. Before October 16, 2024, Admins could choose whether to enable it. Now, it’s required for all Accounting Managers to help protect your account.

Why is 2FA required now?

Security is a top priority. Today, 75% of MineralTree customers already use 2FA, and 57% of businesses worldwide use some form of it. Making 2FA mandatory adds strong protection with minimal effort.

How do I set up 2FA?

Make sure your mobile phone number is up to date in your account settings. When you log in with your username and password, MineralTree will send a one-time code to your phone. Enter that code to complete your login. Follow the instructions here to confirm your phone number is accurate.

⚠️ If your phone number is incorrect, you won’t receive the code and won’t be able to log in. If you need help, contact: customersuccess@mineraltree.com

How does 2FA work in MineralTree?

Here’s what happens when you log in:

  1. Go to the MineralTree login page and enter your username and password. Pro Tip: For added ease and security, bookmark the official MineralTree login page in your browser.
  2. MineralTree checks your credentials.
  3. You’ll be prompted to enter a one-time code sent to your phone.
  4. Enter the code to verify your identity and access your account.

Are there any downsides to 2FA?

There is no downside to 2FA. While it adds a few seconds to the login process, the added security is worth it.

How often will I need to use 2FA?

You’ll need to use 2FA every time you log in. To mitigate fraud, your MineralTree account is automatically logged/timed out after 15 minutes of inactivity, so you may need to re-enter your code if you’re away from your device. 

Can I use something other than text messages?

Yes. You can use an authenticator app like Google Authenticator or Authy. These apps generate a 6-digit code every 30 seconds and don’t rely on your phone number or SIM card.

Note: Authenticator apps are currently supported only for Accounting Managers and only for login, not for payment approvals.

 

Customer Support
Please reach out to Customer Support with any questions:
 
 
Was this article helpful?
0 out of 0 found this helpful

Articles in this section