What You Need to Know About Mekorma Security



By  Les Shiaman - Customer Success Lead
November 22, 2021                       

When configuring Dynamics GP, the first consideration is security. The ERP does not assume anything; system administrators must assign specific roles and tasks that give users access to the right company database(s) and required functionality. Dynamics GP is a secure environment.

Accounts Payable teams that use Mekorma Payment Hub benefit from GP security by default. When users log in to GP, they will only be able to handle the tasks they have permissions for. Additional security features can be enabled with our software, allowing you to enforce separation of duties and the controls necessary for secure payment processing.

Mekorma security options have evolved over time, as we’ve addressed a variety of customer needs. This article aims to explain what you need to know about recent security changes, and the best options for protecting your accounts payable process.

What is a security model?

A security model is a way of specifying and enforcing an organization’s security rules. For our purposes, a security model allows you to define which users are allowed to perform what actions within configurable parameters.

By Checkbook, By User, By Task - Oh My!

Depending on the Mekorma security model you use, you can do some, or all, of the following:

  • Configure signatures with encryption - electronic signatures will print on check payments.

  • Print signatures, or leave blank lines, based on different check amount thresholds.

  • Configure one default signature or a signature that is based on who approved the payment.

  • Require that some or all your payments move through a digital approval process before they can be printed or processed.

  • Design security rules based on dollar-value ranges (a.k.a., Threshold Levels) and/or Vendor Class.

  • Notify approvers by email or text when they need to approve payments.

  • Automatically split batches so that fully approved payments are not held up by those waiting to be approved.

Many of you have been using Mekorma for years – and if you are a long-term customer, you are most likely using Checkbook or User-ID based security. These two distinct ways of configuring security rules are now referred to as our ‘Legacy Security’ models.


Legacy security is deprecated as of the next Payment Hub build release (March 2022).

This means that Checkbook and User ID based security will still be functional, and you can continue to use them; however, we will no longer develop new features or fix issues that may arise.

But, we wouldn’t leave you out in the cold! Our most recent model, Task-Based security, merges the most effective and widely used elements of Legacy and is even more elegant – it bases the approval on who is logged in, so the use of passwords at print time are not needed as they are in Legacy models.

Mekorma customers should plan to switch their system to the Task-Based model to take advantage of the most up-to-date and feature-rich security.

Checkbook security

If you use Mekorma Checkbook Security, your security settings (Signature IDs) are applied to individual checkbooks. Checkbook passwords can be configured, requiring users to enter a password before they can print checks or process EFTs.

There are certain limitations to this model, most notably:

  • The signature logic is not available across companies (Signature ID tables were held at the company level in SQL). If you process payments for multiple GP databases, the logic must be applied to each individual company.

  • Since passwords are assigned to checkbooks (and not users), they are frequently shared among team members who process payments from the same checkbook: this is a security risk and not considered best practice.

User-ID Security

If you’re set up with User-ID security, individuals use their own unique passwords to print checks with appropriate signature logic, rather than share checkbook specific passwords. Approval workflow can be enabled.

While capabilities are expanded in User-Based security, some similar limitations apply:

  • Simplified functionality for threshold levels and signatures do not give enough flexibility for some organizations.

  • As with the Checkbook Security model, the User-ID based model is also a company-based form of security, forcing you to configure and maintain security settings across company databases.


Task-Based Security: A Modern, Integrated Approach

Task-Based Security integrates with Dynamics GP security, allowing you to assign users tasks and roles in accordance with the AP work they perform.

Approval Workflow supports more expansive and flexible configurations, including:

  • Break your threshold level down as finely as you want for total control. There’s no limit on the number of levels you can define.

  • Assign multiple approvers to a single threshold level.

  • Assign a single approver to multiple threshold levels.

  • Extend approval workflow outside of Dynamics GP. Approvers can use a mobile device to approve payments on the go with PowerApprovals installed.

  • Reject whole payments or individual vouchers during the approval process.

  • Set Out-of-Office notifications and approval delegation.

  • Set security on the system level so logic can be applied across companies, greatly reducing setup time.

(But…what security model am I on?)

If you're not certain what security model you use, you’ll need to access the Mekorma Security Setup window and click on a company.


Mekorma Area Page, Setup > System > Security Setup

The security model will be listed as either Legacy or Task-Based security.

Your Plan for Moving Forward

We highly recommend you plan to switch your security to the Task-Based model. You’ll be able to take advantage of new features, security enhancements, and products - such as the PowerApprovals application that supports mobile and web-based Approval Workflow outside of GP.

For a full comparison of Legacy vs. Task-Based security, see this chart.

If you’d like to configure your security with your own internal expertise, our User Guide covers the basics of How to Set Up Task-Based Security.

Our Customer Success Team is always at the ready to assist you with questions, and to collaborate on the steps required to switch to the new security model. Contact us to schedule a consultation.