MFA Guide Version 1 Last Review Date: Dec, 2024
MFA Troubleshooting User Guide
Sanity Checks
Can they get to the One-time code screen?
If they aren't then the user is entering the wrong email or password.
Resolution: Check Account details
Does a QR code appear?
If the Code appears then they have not yet linked their CMMS account to an Authentication App.
Resolution: If The QR code appears
Do they have an Authentication App?
If they do not have one, then the user may not have stored the code.
Resolution: If they don't have an Authenticator App
When aiming the camera in the authenticator app, does it work?
Is the QR code slightly covered or obscured?
Resolution: The Authentication App isn't scanning the QR code
Are they trying to set up the account on 2 Authentication apps?
We don't support multiple users having access to the same account.
Resolution: Informing the User the security system doesn't allow us to have multiple devices storing the OTP.
Do they actually have an account?
If they don't, set up an account.
Resolution: Check Account details
Is their account inactive?
If their account is inactive they won't be able to sign in.
Resolution: Check Account details
Are they a system user or a non-system user?
If they are a non-system user they won't be able to sign in or receive the forgotten password email.
Resolution: Check Account details
Is their account blocked?
Unblock their account.
Resolution: Check Account details
Code not working sanity checks
Are they using their camera to scan?
This won't save the 2FA as an account, and won't allow them to enter a valid code.
Resolution: If they don't have an Authenticator App
Does their Authentication App have multiple accounts saved?
They could be entering the wrong account code.
Resolution: The Authentication App has multiple saved accounts
Is the Authentication App legitimate (Microsoft/Google/Etc)
They may need to get a new Authenticator.
Resolution: If they don't have an Authenticator App
Is their Phone Very Old?
Some Phones may be unable to use an authenticator such as a dumb phone.
Resolution: Inform the user they will need to use a different device to set up Authentication.
Are their Apps updated?
Some issues may arrise if the users phone is not updated correctly.
Resolution: Inform the user they will need to update their apps.
Has the user Jail broken the device?
Jail broken phones maybe unable to correctly complete the steps, and assisting them may
Resolution: Do not attempt to resolve this for the user as Jail broken phones may have unique bugs.
Is the phone using automatic time?
Auth0 MFA relies on Automatic date and time because it is a Time-Based One-Time Password (TOTP)
Resolution: Automatic date and time
Resolutions
If The QR code appears
Send them a copy of the MFA one-time password guide: https://cmmsproviderguide.cbcgroup.com.au/BasicOperations/CBC-PROC-036 (opens in a new tab)
Check Account details
Go to User's Profile
Check they have an email
Check the account is unlocked
Check the account is Active
Check the account is not a mailbox account
Check the email system is actually sending a notification
Reset MFA
Users may sometimes change device without backing up their Authenticator App accounts.
Without that device, that can no longer gain access to the CMMS account
Access Auth0
Naviagate to the User
User Management menu > Users
Search for email address of User
Click 'Reset MFA'
If they don't have an Authenticator App
Get them to download an Authenticator.
Microsoft Authenticator
Android: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_AU&gl=US (opens in a new tab)
iOS: https://apps.apple.com/au/app/microsoft-authenticator/id983156458 (opens in a new tab)
Google Authenticator
Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_AU (opens in a new tab) &gl=US
iOS:https://apps.apple.com/au/app/google-authenticator/id388497605 (opens in a new tab)
LastPass Authenticator
Android: https://play.google.com/store/apps/details?id=com.lastpass.authenticator&hl=en_AU&gl=US (opens in a new tab)
iOS:https://apps.apple.com/us/app/lastpass-authenticator/id1079110004 (opens in a new tab)
2FA Authenticator
Android: https://play.google.com/store/apps/details?id=com.twofasapp&hl=en_AU&gl=US (opens in a new tab)
iOS: https://apps.apple.com/us/app/2fa-authenticator-2fas/id1217793794 (opens in a new tab)
The Authentication App isn't scanning the QR code
If the user has Zoomed way in on their browser part of the QR code maybe being obscured.
The Authentication App has multiple saved accounts
Get the user to remove the existing accounts from their authenticator.
(If Needed) Reset their Auth0 account
Get them to start the process of linking their device to CMMS again.
Automatic date and time
The user will need to open their phone settings.
Search for "Automatic"
Select the option "Automatic Date and Time"
Make sure that the option is turned on.
Search again for "Automatic"
Select the option "Automatic Timezone"