mfa issue
We encounter an issue when we tried to log into the plateform. The error says there is a mfa required, but the user does not have MFA configured. This is a problem we first encountered last Friday.
14 Replies
Hi @alexdess_, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer about why MFA would be required for a user without MFA configured. Here are some relevant sources:
1. MFA self management does not respect login policy : This GitHub issue discusses how MFA settings may not be properly respected, though it notes that "the login will only accept allowed factors even when others are set up." (1)
2. MFA required for external IDP : This discusses a case where MFA was unexpectedly required. The solution involved checking if settings were configured at the organization level versus default settings level, which can override each other. (2)
**
ā
To learn more, see the sources I considered:
[1] MFA self management does not respect login policy
[2] MFA required for external IDP
ā
Feel free to tag @Ask Inkeep with additional questions.
Got the same issue today after updating to the latest version, can't access any MFA policy since it happened to the admin account. I'll let you know if I find anything.
hey @aureateAnatidae thanks for conforming, I am raising this internally now.
No problem. I'm here all day if you need more info.
Here's my likely-inadvisable solution and some screenshots of how I got there. I delete the record for the MFA on the user.
Had to expose a port for the deployment postgres container first
hey @aureateAnatidae thanks for the workaround, I have raised this internally.
seems to be a duplicate of https://discord.com/channels/927474939156643850/1435181911579557888
Is it possible to find a workaround for our PROD instance ? I can no longer log in and have to go through my colleague, who can still log in (until when?).
hey @alexdess_ we are still looking into it, its beeing identified and been worked on. I will have more updates on it tomorrow as the team is still trying to fix it.
As a quick workaround, you can remove the MFA from the instance if its causing too much issues.
Thanks for your feedback.
hey @alexdess_ on the side note this issue is being worked on today too š so a fix can be out today/tomorrow š
great to hear, thanks!
im actually curious as to how a fix would work here, since my fix was pretty manual. would there be some sort of startup script that deletes MFA rows?
I will share the PR once its been raised.