As a supplier, you can face different scenarios that require you to enable MFA. Take these into account when enabling or disabling MFA:

• If the customer does not have MFA as a requirement for suppliers, when they enable MFA as a requirement, then:
  • Every supplier for that customer is then required to enable MFA in order to access any of that customer's information through the CSP.
  • Suppliers without MFA receive a message that they must enable MFA in order to transact with the customer. The message contains a link directing the supplier to the page where MFA can be enabled. The supplier requires a phone with SMS texting or an authenticator app to enable this option.
  • The customer’s Coupa Admin can set up an exception in the platform to "Exclude" a specific supplier from the MFA requirement in CSP. This supplier will have access to specific information.
• If a customer requires the supplier MFA and the supplier does not have MFA enabled, then:
  • The supplier can not see customer data and is instructed to turn on MFA in order to see customer data.
  • When the supplier logs into CSP and navigates to see any customer specific information, they receive a message that they must enable MFA in order to transact with their customer. The message contains a link directing the supplier to the Account Settings page > Security & Multi Factor Authentication tab where MFA can be enabled.
• If a customer requires the supplier MFA and the supplier has disabled or turned off the MFA option (supplier has transaction history with the customer, but no longer does business with them), then:
  • The supplier can log into the CSP normally, however, in order to view past data or access customer-specific information with that particular customer they must enable MFA.