Auth0 Home Blog Docs

Can't login after resetting multifactor

mfa
sso-google-2fa-mfa

#1

Hi,

We are using Auth0 Universal Login flow. We used to be able to reset users’ multifactor account in case they lose or change their mobile phone, but not any longer. This is what exactly happens:

  • User can successfully login using their existing multifactor code (Google Authenticator)
  • We reset the user’s multifactor through Users > Actions > Reset Multifactor Authentication
  • User goes to our domain
  • The page will redirect the user to Auth0 domain (we are on the free account, so .auth0.com/login?state=)
  • They enter their username/password
  • Before they see the new multifactor code, they see the following image (url: .auth0.com/mf?state=):

The last time we could successfully reset someone’s multifactor was July 09, 2018. We are having this issue only this week (starting July 16, 2018). I’m not sure if it has anything to do with the deprecation of Lock UI or not.

Looking forward to your help since it’s blocking our users from using the system.

Regards


#2

:wave: @hossein thank you for reaching out. I am looking into this issue! Would it be possible for you to capture a HAR file? (please make sure to remove any sensitive information and please feel free to DM it).


#4

Hi there,

Anyone else having the same issue and having found the solution? I didn’t hear back from @kim.noel :frowning_face:


#5

@hossein I apologize for the lack of communication. There did seem to be an issue at the time of your original post where resetting users MFA out users into a state where they couldn’t login anymore . There was a fix deployed just recently and it should be working now. Can your users give it a try now? Can you let me know if you are still seeing this issue?


#6

@kim.noel

I just tried it and yes, it works fine now. Thanks a lot for the fix and the update. Really appreciate it :slight_smile: