MFA with Authenticator does not work immediately after invite

Get Help
,
1

Hi,

We use a post-login script to activate MFA for specific users (after an email invite). The scenario for the issue we’re experiencing is as follows:

  • user has entered password after having clicked on a link in an invite email
  • user is then presented with MFA dialog, and selects “Authenticator”
  • user downloads Google or Microsoft Authenticator, then enters the verification code from the app into the Auth0 verification page

The problem is that (and this happens all the time following an email invite), the verification code is not accepted - It sometimes takes up to a third attempt to get this working. Sometimes it takes more. Could this behavior be related to a delay in the Auth0 back-end (we are testing with a non-production tenant and only enrolling the user post authentication).

Side note: Obviously this would be a show-stopper for us if this happens in production!

Thank you in advance,

Shaune

2

Hi @stappan , welcome to the Auth0 Community!

A common reason why this may not be working as expected is due to the device time setting not being in sync with the UTC time of the code, See Troubleshooting information here.
You may have already checked this. Do you see the same issue occur with different devices?

3

Thank you for your response. The root cause of this issue had to do with the post-login script being called more than once. We consulted with the support team, who referred us to this:

https://community.auth0.com/t/mfa-once-per-session-action/110147

Adding in the condition (to check whether MFA had already been enabled) solved the problem for us.

4

Hi @stappan ,
Glad to hear that this was resolved and thank you for providing the solution :+1: