Multi-Factor Authentication

At CompeteFor we pride ourselves on ensuring our platform is simple, smart and secure and we are pleased to announce that we are taking security to the next level and introducing multi-factor authentication.

What does multi-factor authentication mean?

You may already be familiar with multi-factor authentication (MFA) as it is commonly practised by various online service portals such as online banking. It is essentially a process that requires the user to enter more than one piece of information to access their account. For example, in addition to entering a password you may also be asked to enter a code that has been sent to your mobile device or email account.

In the case of CompeteFor, our MFA process will involve users logging in with their current user name and password and carrying out the second authentication step using either Google or Microsoft’s multi-factor authentication app. Please be advised that it will be your organisation’s responsibility to ensure that your teams have downloaded and set up the Google or Microsoft authenticator application on either their work or personal mobile devices. Rest assured that this is very easy to do and both Google and Microsoft provide helpful setup and user guides.

Why is CompeteFor implementing MFA?

In the first instance, implementing MFA is good practice and, as mentioned, very commonplace but the main reason for adding MFA to the CompeteFor platform is security and to ensure that CompeteFor continues to be compliant in line with current guidance from the National Cyber Security Centre. Please note that this will also affect suppliers logging into the CompeteFor platform and we will be sending the same communications to them. For more information and advice from the NCSC on implementing MFA, please visit https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services.

How does this impact CompeteFor users?

We are planning that this will cause very little disruption for our users. As we are implementing an additional step using the authenticator app, all CompeteFor users will need to download either the Google or Microsoft authenticator apps to their devices. These can be downloaded for free from most app stores such as Apple or Google Play store.

There will also be a short period when the platform will be down for maintenance whilst we deploy the updates, but this will be carried out outside office hours.

When will MFA go live?

Multi-factor authentication will be launched by the beginning of April and, to ensure that all users are informed and prepared, we will be communicating regularly in the lead-up to the date of deployment.

In the meantime, if the CompeteFor platform is used within your organisation, we advise that you communicate this among all of the CompeteFor users within your team and we would also advise that you inform your IT departments of the introduction of MFA.

Further information will added to this page in due course and will be emailed to all CompeteFor users but if you have any questions please feel free to contact our Helpdesk team at help@competefor.com.

Shared accounts

We are aware that some CompeteFor users may have shared accounts ‒ for example, multiple users using the same username and password to access the CompeteFor platform.

For CompeteFor, there are two options:

Option 1:

One member of your team sets up the authenticator originally and then provides the token to each user who can then log in with the shared login. Each user then selects to trust their device for 90 days, which allows them to log in without the token for 90 days. However, they will need to get a token every 90 days.

Option 2:

Each team member is added to the organisation as a user using their own email address and then has their own login username and password, allowing them to set up their individual authenticator meaning they wouldn’t be sharing. Each user would then need to set up their own email alert profile so they continue to get system emails when new opportunities are posted. There is no limit to how many CompeteFor user accounts you can have within your organisation.

We would recommend option 2 as this means that each individual CompeteFor user within your team has their own logins and is responsible for their own authenticator app access codes. You can do this easily by inviting individual users to your organisation via My Organisation.

To do this, simply login to the shared CompeteFor account and follow the steps below:

Go to My Organisation then;

  • Users
  • Invite new users
  • Add email
  • Enter the team members email address
  • Click ‘Add email’. You can continue to ‘Add email’ for all individuals you would like to be invited.
  • Once all emails have been added, click ‘Next’.
  • You will be given text to add an invitation message
  • Click invite

Invited users will receive an email from CompeteFor informing them that they have been invite to CompeteFor eSourcing on behalf of the organisation and will receive instructions on how to complete their registration.

Please note, each new user would need to edit their email preferences so that any CompeteFor communications and alerts go to the shared inbox instead of the individual’s email inbox, if this is the preferred option.

 

What to expect the first time you log in

Below is a step-by-step guide on what to expect when you log in to CompeteFor after MFA has gone live. In preparation for this, we recommend you download either Google or Microsoft’s authenticator app on your device as this will save time later on.

Step 1:

When you first visit the CompeteFor login, the first screen will look exactly the same. Simply enter your usual username and password.

Step 2:

Next you will need to set up the authenticator app. Please note that you will need to download either the Google or Microsoft authenticator app on to your device in advance.

Scan the QR code on the screen using the authenticator app and you will be shown a token code for the next step.   

Step 3:

Enter the token code from your authenticator app and then click ‘Register’.

Step 4:

Next you will be shown a one-time passcode on your authenticator app. Please enter that into the box shown on screen and click ‘Login’.

Step 5:

In order to reduce the frequency of login verification, you can opt to trust the browser that you are logging in from. If you choose to set this up, simply name the device and choose how long you would like to remember the browser. The options are 30, 60 or 90 days. Then click ‘Register’. You can also choose to skip this step and set up at a later date.

Step 6:

You will now be logged in to the CompeteFor platform and can continue to use it as needed. The next time you log in to CompeteFor you will use your username and password as before but will then be asked to enter a one-time passcode from the authenticator app. This is MFA. Simply open your authenticator app and enter the passcode shown. Please note that the passcode refreshes every 30 seconds.