Support Center

Google Authenticator Code Fails with JumpCloud Multifactor Authentication

Symptoms


Google Authenticator generates a TOTP token, but it will not authenticate for any MFA enabled resource.

 

Cause


Multifactor or "Two-Factor" apps like Google Authenticator implement what is called the Time-Based One-Time Password (TOTP) algorithm. It has the following ingredients:
 
  • A shared secret (a sequence of bytes)
  • An input derived from the current time
  • A signing function

Because the algorithm is signing (or rather, generating the MFA code) based on the time of the mobile device, it is important that the device has an accurate time within 60 seconds´╗┐ for Google Authenticator to properly generate the authenticator code for access so that it matches the shared secret and time input as expected on the server.

 

Solution


To make sure that you have the correct time in Google Authenticator:
  1. Go to the main menu on the Google Authenticator app
  2. Click Settings
  3. Click Time correction for codes
  4. Click Sync now
  5. On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time settings.
Reference: Google's Common issues with 2-Step Verification 

Alternatively, if the TOTP key was lost, you may reset the JumpCloud password to obtain a new key. You may also opt to try a different TOTP token generator such as Duo Mobile or FreeOTP.
 

Last Updated: Apr 24, 2017 10:49AM MDT

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete