The CSP leverages Google Authenticator, which is available for iOS and Android devices. You need to install it on your mobile device if you want to enable two-factor authentication. See Install Google Authenticator for help with installing the app on your mobile device.
Instead of the authenticator, you can also use SMS to receive verification codes.
Enabling Two-Factor Authentication
Your customers can require you to use two-factor authentication to log in to the CSP and access their data, in which case you have to enable it.
Make sure you have your mobile device with you before enabling two-factor authentication.
Sign into your Coupa Supplier Portal account at https://supplier.coupahost.com.
From your name at the top right, click Account Settings.
Enter and validate your phone number to receive SMS notifications or verification codes through SMS.
Under Two-Factor Authentication, click Enable for SMS or Two Factor Authenticator App depending on how you want to receive the verification codes.
For SMS, enter the verification code in the pop-up window.
Choose Remember this computer for 30 days if you're not using a shared or public computer, and click Enable.
Print your backup codes or email them to yourself before you click OK. If you ever lose your device, you need these to regain access to your CSP account.
You can only use a recovery code once, so it's a good idea to refresh your list if you have to use a recovery code. Go to Account Settings > Security & Two-Factor Authentication and click Regenerate Recovery Codes to get a new list of codes.
If you enable or disable two-factor authentication, you get an email notification of the change.
See Customer-Enforced Two-Factor Authentication in CSP for more info.
Signing into the Coupa Supplier Portal with Two-Factor Authentication
Go to https://supplier.coupahost.com and provide your credentials as usual.
The Two-Factor Authentication window opens.
Depending on your setting, open Google Authenticator on your device and choose your CSP account. Get the number that's shown. Or open the newly received text message that contains the verification code.
Type the two-factor authentication code in the appropriate field. For the authenticator, choose Remember this computer for 30 days if you're not using a shared or public computer, and click Log In.
The code that Google Authenticator provides is good only for 60 seconds. If you don't type that code on the CSP sign-in page and click Log In within 60 seconds, you have to get a new code and try again.
If your supplier is locked out and they don't have their six-digit backup validation code, contact Coupa Support who will ask you to provide the supplier's declaration form and either their email used to log in to the CSP or a copy of their photo ID or passport to verify their identity.