After enabling MFA, user is locked in a confirmation_pending state

ian1 · October 13, 2017, 1:23am

After globally enabling MFA, some users are locked in a “confirmation_pending” state, even after disabling MFA afterwards. ![alt text][1]

I then go to Actions > Reset Multi Factor, and the message above briefly goes away. After a few minutes, I refresh the page and it reappears. When the user attempts to log in using username-password authentication, Auth0 returns the following error:

[2017-10-11 19:22:36,527] ERROR libs.cloud.django_auth0.backends Auth0 error message: User is not enrolled with guardian

The problem is, MFA is currently turned off. Is there any way to un-enroll this user? Even after deleting and recreating the user with the same email address, the confirmation_pending status comes back. Any ideas?

jmangelo · October 13, 2017, 7:54pm

I’m not aware of any explanation for getting into that state, but if you haven’t done so already, I would recommend trying to perform an explicit deletion of that enrollment through Management API, in particular through the delete Guardian enrollment endpoint.

You can get the identifier of the enrollment in question by performing a previous call to get enrollments by user endpoint.

Topic		Replies	Views
MFA bug - involuntarily enrollment Help mfa	4	3594	March 2, 2018
Reset our app user MFA with Management API Help mfa , management-api , mfa-api	7	3319	March 9, 2023
Accessing User MFA Enrollment Status Help	4	6954	November 5, 2020
Dashboard admin account locked Help mfa , dashboard-admins , blocked-account	4	5731	April 1, 2019
Reseting MFA does not disable it Help	12	4569	November 5, 2020

After enabling MFA, user is locked in a confirmation_pending state

Related topics