Can't login after resetting multifactor

hossein · July 19, 2018, 7:46am

Hi,

We are using Auth0 Universal Login flow. We used to be able to reset users’ multifactor account in case they lose or change their mobile phone, but not any longer. This is what exactly happens:

User can successfully login using their existing multifactor code (Google Authenticator)
We reset the user’s multifactor through Users > Actions > Reset Multifactor Authentication
User goes to our domain
The page will redirect the user to Auth0 domain (we are on the free account, so .auth0.com/login?state=)
They enter their username/password
Before they see the new multifactor code, they see the following image (url: .auth0.com/mf?state=):

image1215×728 25.6 KB

The last time we could successfully reset someone’s multifactor was July 09, 2018. We are having this issue only this week (starting July 16, 2018). I’m not sure if it has anything to do with the deprecation of Lock UI or not.

Looking forward to your help since it’s blocking our users from using the system.

Regards

kimcodes · July 19, 2018, 3:15pm

@hossein thank you for reaching out. I am looking into this issue! Would it be possible for you to capture a HAR file? (please make sure to remove any sensitive information and please feel free to DM it).

hossein · July 30, 2018, 1:20am

Hi there,

Anyone else having the same issue and having found the solution? I didn’t hear back from @kimcodes

kimcodes · July 31, 2018, 8:48pm

@hossein I apologize for the lack of communication. There did seem to be an issue at the time of your original post where resetting users MFA out users into a state where they couldn’t login anymore . There was a fix deployed just recently and it should be working now. Can your users give it a try now? Can you let me know if you are still seeing this issue?

hossein · August 1, 2018, 1:25am

@kimcodes

I just tried it and yes, it works fine now. Thanks a lot for the fix and the update. Really appreciate it