Troubleshoot Two-Factor Authentication

For information about configuring two-factor authentication (2FA), see Configure Two-Factor Authentication.

Important: You cannot perform the following tasks when 2FA is enabled for your account: add or remove additional servers in a distributed services environment, transfer data from one Loftware Enterprise SP instance to another, install a new driver, or install Loftware Enterprise SP Business Intelligence. To perform these tasks, disable 2FA for your account and enable it again after the task is complete, if desired.

Scenario	Resolution
A user deletes their authenticator app account corresponding to their Loftware Enterprise SP user.	If You Have Your Secret Key: Add a new account in the authenticator app but instead of scanning the QR code, manually enter your secret key. Enter one of the following for the account name: Loftware Enterprise SP SuperAdmin Loftware Enterprise SP SystemAdmin Loftware Enterprise SP ClientAdmin If You Do Not Have Your Secret Key: Have another administrator sign in to Loftware Enterprise SP and disable and then re-enable 2FA for your account. (see Disable Two-Factor Authentication and Enable Two-Factor Authentication). You must then reconfigure your authenticator app, following the steps in Configure Two-Factor Authentication. The new secret key replaces the previous key and should be saved in a secure and private location.
A user has lost their mobile device.	If You Have Your Secret Key: Download the authenticator app on the new mobile device. Add a new account in the authenticator app but instead of scanning the QR code, manually enter your secret key. Enter one of the following for the account name: Loftware Enterprise SP SuperAdmin Loftware Enterprise SP SystemAdmin Loftware Enterprise SP ClientAdmin If You Do Not Have Your Secret Key: Download the authenticator app on the new mobile device. Have another administrator sign in to Loftware Enterprise SP and disable and then re-enable 2FA for your account (see Disable Two-Factor Authentication and Enable Two-Factor Authentication). You must then reconfigure your authenticator app, following the steps in Configure Two-Factor Authentication. The new secret key replaces the previous key and should be saved in a secure and private location.
All three built-in administrator users have lost access to their authenticator app account corresponding to their Loftware Enterprise SP users. This may be caused by loss of a mobile device or accidental deletion of the accounts in the app. None of the three users have their secret keys.	If 2FA is enabled but none of the three administrators can sign in, you can manually disable 2FA by having your database administrator delete all rows in the "LOFTSPEC.user_mfa_config" table. When this is complete and saved, the administrators can sign in normally. You may re-enable 2FA by following the steps in Configure Two-Factor Authentication again.

Scenario

Resolution

A user deletes their authenticator app account corresponding to their Loftware Enterprise SP user.

If You Have Your Secret Key:

Add a new account in the authenticator app but instead of scanning the QR code, manually enter your secret key. Enter one of the following for the account name:

Loftware Enterprise SP SuperAdmin
Loftware Enterprise SP SystemAdmin
Loftware Enterprise SP ClientAdmin

If You Do Not Have Your Secret Key:

Have another administrator sign in to Loftware Enterprise SP and disable and then re-enable 2FA for your account. (see Disable Two-Factor Authentication and Enable Two-Factor Authentication). You must then reconfigure your authenticator app, following the steps in Configure Two-Factor Authentication. The new secret key replaces the previous key and should be saved in a secure and private location.

A user has lost their mobile device.

If You Have Your Secret Key:

Download the authenticator app on the new mobile device. Add a new account in the authenticator app but instead of scanning the QR code, manually enter your secret key. Enter one of the following for the account name:

Loftware Enterprise SP SuperAdmin
Loftware Enterprise SP SystemAdmin
Loftware Enterprise SP ClientAdmin

If You Do Not Have Your Secret Key:

Download the authenticator app on the new mobile device. Have another administrator sign in to Loftware Enterprise SP and disable and then re-enable 2FA for your account (see Disable Two-Factor Authentication and Enable Two-Factor Authentication). You must then reconfigure your authenticator app, following the steps in Configure Two-Factor Authentication. The new secret key replaces the previous key and should be saved in a secure and private location.

All three built-in administrator users have lost access to their authenticator app account corresponding to their Loftware Enterprise SP users. This may be caused by loss of a mobile device or accidental deletion of the accounts in the app. None of the three users have their secret keys.

If 2FA is enabled but none of the three administrators can sign in, you can manually disable 2FA by having your database administrator delete all rows in the "LOFTSPEC.user_mfa_config" table. When this is complete and saved, the administrators can sign in normally. You may re-enable 2FA by following the steps in Configure Two-Factor Authentication again.