Overview
This article explains a possible cause of higher than expected number of gd_enrollment_complete logs occur when using the Multi-Factor Authentication (MFA) enrollment ticket endpoint. This situation is observed for flows utilizing the MFA enrollment ticket endpoint.
Applies To
- MFA
- Tenant logs
- Guardian
Cause
Custom MFA flows can trigger additional gd_enrollment_complete logs, for example if multiple tickets are sent to a user and multiple are opened in different tabs prior to completing enrollment.
In this scenario, the first ticket used to complete the enrollment process is successful. However, subsequent attempts to use the other opened tickets fail, which still generate gd_enrollment_complete logs while displaying the following message:
Something went wrong
If enrollment is completed before a user attempts to open another MFA enrollment ticket, this action does not trigger an additional log. Instead, the user sees the following message:
Two Factor Verification has Already Been Enabled
It is also expected that multiple
gd_enrollment_complete logs may appear because there are multiple steps during enrollment, depending on the factor utilized.
Solution
The gd_send_email logs do not correspond to an MFA enrollment ticket. These logs are generated for challenges of Email MFA factors. For details on log event types, refer to the Log Event Type Codes documentation.
MFA enrollment tickets are identified by the following log type:
"type": "sapi", "description": "Create a multi-factor authentication enrollment ticket"