I have a couple of users that the Google Authenticator MFA/OTP just does not work for (and a lot who it’s fine for). One of them it was working and stopped the other it’s never worked.
We’ve tried disabling MFA and setting it up again for them, deleting their account and starting afresh, using Firefox instead of Chrome but for some reason these 2 guys can’t get MFA to work.
Is there anyone who’s had a similar issue and worked out what was causing it or can point me at some further troubleshooting steps?
Can you explain “it does not work”, does it say the OTP is invalid or something else? If the error is on the MFA form screen, typically the server saying the token is invalid, this can happen when the device and/or server time are not up to date. There is a threshold to make sure there is a wiggle room in time discrepancy, but it’s not much (30s if I remember correctly).
Have a look at enabling NTP on the server if this is not done yet, and same on the client, make sure there is automatic clock sync in place.
Let me know if it’s another error, like user is looping on the page, it could also be a cookie issue.