Short Answer: "MFA failed" means the multi-factor authentication step did not succeed. Verify the correct MFA code was entered, ensure the device time is synced, and contact your administrator if the issue continues.
PreRequisites
-
The user has access to their MFA method (authenticator app, hardware key, etc.).
-
The user can contact an administrator if needed.
Steps
-
Ask the user to retry signing in and carefully enter the MFA code.
Confirm the user can generate and enter a valid MFA code. -
If using a time-based authenticator app, verify the device clock is accurate and synced automatically.
Correct time synchronization ensures the generated codes match the server. -
If available, try a backup code or alternate MFA method according to your organization’s process.
The alternate method may allow the user to sign in successfully. -
If MFA failures continue, contact your organization’s administrator to check or reset the user's MFA configuration.
The admin can re-enroll the MFA device or provide further troubleshooting steps.
Troubleshooting
-
MFA codes are rejected even when entered correctly.
Likely Cause: The authenticator app’s clock is out of sync or the device is misconfigured.
Action:
-
Enable automatic time sync on the device.
-
Resync the authenticator app’s time (if supported).
-
Ask an administrator to re-enroll the MFA device if needed.
-
Note: The Access logs display "MFA failed" events but do not provide MFA configuration options. For device resets or re-enrollment, contact your administrator.