The following tips will help you troubleshoot a sign-in issue when you use IT Glue's multi-factor authentication (MFA) solution. Note: If your administrator has turned on enforced MFA, you will be required to enable MFA even if you previously signed in without it.
To sign in with IT Glue MFA, you need three separate bits of information:
- Your username
- Your password
- A numeric code generated by an authenticator app on your mobile phone
I am having MFA sign-in errors / codes aren't working.
- Double check that time is accurate on your mobile device, or the time-based security code will not validate. Setting your device to be synced with the internet time is essential.
- Also, if the time on your authenticator app is not synced correctly, the MFA activation or sign-in attempt may be unsuccessful.
If you are using Google Authenticator:
- From Google Authenticator, navigate to the main menu.
- Click Settings.
- Click Time correction for codes.
- Click Sync now.
On the next screen, the app will confirm that the time has been synced, and you can now sign in. This change will only affect the internal time of your authenticator app and will not change your device’s date and time settings.
What do I do if I am locked out?
After several failed sign-in attempts, your account will be locked. Once it's locked, you will have to check your email for unlock instructions (or you can reset your password) before you can try again.
How do I sign in without my phone?
If you forgot to bring your mobile device with you to work or the battery is depleted, you can use your one-time recovery MFA token instead of the code generated by the authenticator app. You may have saved the recovery token to a password manager or an encrypted notes app. The recovery token is a fallback authentication method and not something you typically use.
The recovery token for an MFA enabled account
Simply enter your recovery token into the MFA Code field when you sign in. The recovery token can only be used once.
IT Glue will not disable MFA after you sign in, so if you need to sign in again without your mobile device, you have two options:
- You can generate a new recovery token from your profile and store it in a secure place for later use.
- You can disable MFA from your profile only if MFA is not enforced on your IT Glue account. Enforced MFA is when all users of the account are required to enable MFA. If MFA is enforced, you will be forced to set up MFA at your next sign in.
If you don't do one of these two options, and then you sign out of your account, you won't be able to sign in again.
How do I reset my MFA?
Follow these instruction if you need to reset your MFA for any reason (e.g. to replace or factory reset your mobile device). After it is reset, you can enable your MFA again.
You have a recovery token
Enter your recovery token into the MFA Code field when you sign in and then reset your MFA by disabling and re-enabling it in your profile. Set up MFA access again by scanning the QR code, and then make sure you save a new recovery code for future use.
You don't have a recovery token
An Administrator can reset your MFA:
- Under Account > Users, click the pencil icon next to the user on the far right.
- On the Edit User screen, click the Reset MFA link to immediately reset the user's MFA. The user will be prompted to re-enable MFA again when they sign in.
Or, see Recovering a lost MFA code for an Administrator if you are the only Administrator on your account.