Overview

As of version 9.25, we have added multi-factor authentication (MFA) to Heartland Restaurant. Multi-factor authentication is an effective and necessary security technique used to enhance traditional username/password credentials, which alone are vulnerable to "brute force" attacks and theft by third parties. By requiring a second factor of authentication, we enhance the security of our merchants’ data.

In Heartland Restaurant, all users are now required to use multi-factor authentication to log into the Admin Console. Also, when setting up devices for new locations, dealers are now required to use multi-factor authentication to log into device-based apps, including the POS, KDS, and Kiosk. The "Device Login" process differs from the process for logging into the Admin Console. This article describes both processes.

Admin Console Authentication Procedures

Access the Admin Console.
In the Account Login area, enter a valid email address and password, then click Log In.
The program displays the “Create New Password” screen.

When you use multi-factor authentication to log into the Admin Console for the first time, it will prompt you to create a new login password. The program will not require this for subsequent logins.
In the Create New Password screen, enter a new password in the New Password and Confirm New Password boxes, then click Continue.
The program displays the Verification screen (“We need to verify your identity.”)

The program also automatically sends the six-digit authentication code to your email address. This code will only be valid for five minutes.
When you use multi-factor authentication in the Admin Console for the first time, it will only provide the first authentication code by email. After this first time, the program will allow you to select other methods of receiving a code.
(After logging in for the first time, if you need to change your authentication code at this point, please contact the Heartland Support department.)
Access your email account and find the email containing the authentication code.
Copy the code, return to the Verification screen, and then paste the code into the Verify your code boxes.
If you select Don’t ask again for 45 days on this browser, you will not need another authentication code for 45 days while using your current browser.
Click Verify.
After you enter the authentication code, the program displays the Multi-Factor Authentication page, which includes a description of the MFA feature and its benefits.
To continue, click Get Started.
The program displays the “How do you want to authenticate?” screen, which enables you to select the method by which you will receive an authentication code. The screen displays three method options.
Select an appropriate method option, then click Continue.
If you selected Stay with email verification, the program will immediately display the Service Agreement panel.
or If you selected Text Message (SMS), the program will display the Let’s secure your account screen.

In this screen, select an appropriate country code in the Country Code list, then enter your phone number in the Phone Number box, then click Send Code.
or If you selected Authenticator App, the program will display a screen with instructions and controls for downloading and using a specific app to use. You can select Microsoft Authenticator or Google Authenticator.

In this screen, download an appropriate authenticator app, scan the QR code, enter the provided code in the Verify your code boxes, then click Verify.
If you select Text Message or Authenticator App, but then decide to use a different method, you can click I want to set up a different method. (This option is only available during an initial Admin Console login.)
Using whichever method you selected, the program will deliver or automatically enter the authentication code.
If you use a code to authenticate your identity by email or text message, that code will only be valid for up to five minutes. If you use a code generated by one of the authenticator apps, it may be valid for less time, as each app resets its codes after different durations.
If you used the Text Message or Authenticator App methods, enter the authentication code.
After you enter the authentication code, the program displays the Service Agreement panel.
Read the Service Agreement, then click I Accept.

The program will then access and display the Admin Console.

Device Login Procedures

Once you log into the Admin Console, you can acquire a Device Login authentication code, which you can then use to log into the POS, KDS, and Kiosk apps. There are two methods of acquiring a Device Login code, depending on the type of code you need.

Acquiring a Location-Level Authentication Code

These procedures describe how to acquire a location-based code, which will enable you to log into apps on devices associated with a specific location. This type is commonly used by merchants, dealers, or Support staff when setting up new devices for a restaurant location.

In the Admin Console, in the Locations list, select an appropriate location.
In the Main Menu, click Location Setup, then click Authorized Tablets.
In the Authorized Tablets screen, click the Login Code tab.
In the Login Code tab, click Generate Code.

The program will generate and display a valid authentication code. It will also display the time when the code will expire.

If you need to generate a new code, click Regenerate Code.

Using this code, you can now log into multiple POS, KDS, or Kiosk apps for that location.

Acquiring a User-Level Device Login Code

These procedures describe how to acquire a user-based code, which will enable you to log into apps on any device associated with your own account. This type is commonly used by dealers or Support staff when setting up a new device for personal use (such as testing or troubleshooting).

In the Admin Console’s Main Menu, click the Profile list (top-right corner).
Click Support Code.

The program will generate and display a valid authentication code. It will also display the time when the code will expire.

If you need to generate a new code, click Regenerate Code.

Using this code, you can now log into multiple POS, KDS, or Kiosk apps for devices associated with your account.

Logging into the POS with an Device Login Code

Once you have acquired a Device Login code, you can log into the POS on each of the location’s payment tablets.

On the Payment device, run the Heartland POS app.
The POS runs and immediately displays the Login screen, prompting you for a Device Login code.

In previous versions, this Login screen would prompt you for a valid email address and password.
In the Enter login code box, enter the Device Login code that you acquired from the Admin Console, then click Confirm.
Once you enter a valid code, the remaining login procedures are unchanged.
In the next screen (“How will this device be used?”), tap Point of Sale, then tap Permanent.
In the next screen (“How will this device be used?”), select the appropriate location, then tap Next.

The POS will display the PIN screen.

In this screen, restaurant staff can clock into the POS, without the need of a Device Login code. Subsequently, when restaurant staff close and restart the POS, it will display this screen.

The location will not need another Device Login code to run this POS unless it is logged out (for whatever reason), or until you ever clear the app’s data or completely uninstall it.

Logging into Kiosk with a Device Login Code

As with the POS, once you have acquired a valid Device Login code, you can log into Kiosk on each of the location’s devices.

On the device, run the Heartland Kiosk app.
Kiosk runs and immediately displays the Login screen, prompting you for a code.
In the Enter login code box, enter the Device Login code that you acquired from the Admin Console, then click Confirm.
As with the POS, once you enter a valid code, the remaining login procedures are unchanged.
In the Warning panel, tap Permanent.
In the next screen, select the appropriate location, then tap Next.