Duo MultiFactor- Unauthorized

We have a login system that is working great with username and password login. When we enable the rule for DUO MFA it works when testing in the “rules” page of the Auth0 dashboard. However, when we test against our login the user is prompted for MFA from DUO, the DUO window shows login success, then we are redirected to a page from auth0 which shows "Unauthorized:. We are at a loss for why the MFA login is not working. any suggestions would be helpful.

Hi @eli.webster,

Welcome to the Auth0 Community Forum!

Are you just getting unauthorized? Any other specific message in the error?

Warm Regards,
Dan

Just the word “Unauthorized” in the corner of the web page and the website source shows error 401

I see. Can you DM me your tenant name?

Thanks,
Dan

Does the user you are trying to log in with have the correct user_metadata?

The user can log in without issue with MFA disabled. And can login using the Rule tester with MFA enabled without issue.

I’m wondering about this line:

  if (user.user_metadata && user.user_metadata.use_mfa){

Does the user that you are logging in with have the correct metadata?

The user has the following metadata.
{
“use_mfa”: “true”
}

Should something be defined for user.usermetadata.

This should be the correct set up. The first conditional is just checking to make sure there is some metadata so the second doesn’t come back with an undefined error.

That is what we assumed from all the documentation, and we are just at a total loss. DUO shows the login approved, and the user logs in without issue when MFA is off.

If you try and remove that conditional statement (applying it to all users) does it still not allow you to login?

@eli.webster are you using a custom domain name? I believe that is cause of me getting this error.

I am hoping Auth0 has a work around.

1 Like

@josh.oberdick

Thanks for adding to the conversation. Are you having the exact same symptoms?

Correct. I’m requesting custom domain support for DUO.

@josh.oberdick @eli.webster

After looking further I can confirm DUO does not support custom domains at this time. There is no workaround that I am aware of.

I can say that this exists as a feature request, but it is not currently on any product roadmap. I would recommend submitting a ticket to feedback if you have not already had time to do so. This is a direct line between you and the product team, and how we track customer demand.

I will also create a feedback ticket citing this thread.

Warm Regards,
Dan

Great news @josh.oberdick, and @eli.webster, DUO is now supported as a MFA factor with Custom Domains! Please let us know if you have any questions!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.