Skip to main content

Hi,

I am trying to enable 2FA bij selecting the login verification option “Password and TOTP token” in IAM. When I try to login with that account for the first time a dialog is shown with a QR-code to register. After scanning the QR-code from the authenticator, the App is registered and a TOTP token is provided. However no validation token is provided, which has to be entered next. I have tried this with Google Authenticator and Microsoft Authenticator with the same result. I have entered an existing e-mailaddress at the user level, but to no avail.

Did I miss something that needs to be configured or has someone encountered the same issue and can provide me with a solution?

I am using 2024.1

Hello ​@Robert Wijn 2,

The validation token is the code that is produced by the Authenticator app after scanning the QR code. Once the app is registered in your Authenticator app, it will continuously generate codes that are valid for a few minutes. Every 30 seconds or so, the code shown in your Authenticator app will change to a new code. This is how TOTP works.

Does this answer your question or am I misunderstanding the problem?


Hi Vincent,

The problem is that the validation token is not provided, so I can’t complete the registration. It does generate the codes every 30 seconds within the authenticator App, but I can’t get past the registration dialog because of the missing validation token.


Hello ​@Robert Wijn 2

It does generate the codes every 30 seconds within the authenticator App

These codes are the validation tokens that you enter to complete the registration (and subsequent logins). Have you tried entering one of these codes to see if it works? Do you get some kind of error message?

I hope this helps


Hi Vincent,

Tried those generated codes multiple times, but doesn't accept one of them as the validation token. The error messages says that the entered validation code is not valid and to try again.


Hi Vincent,

This morning I tried again and now both registration and authentication worked directly . Could there be some delay? Forgot to mention we are using Azure as our deployment platform. Maybe that could have something to do with it?


Reply