FortiEDR
FortiEDR automates protection against advanced threats, pre- and post-execution, with real-time orchestrated incident response functionality.
YehonatanA
Staff
Article Id 320534

 

Description

When connecting to the management console with 2FA, one of two errors may occur after the Authenticator Code is submitted:

1. URL redirect to: "Whitelabel Error Page - This application has no explicit mapping for /error, so you are seeing this as a fallback."


2. Console login error message: "User has reached the maximum allowed number of failed login attempts. The Account is now locked, please contact System Administrator".


Scope
  1. Management → Users → Create/Edit user
  2. Check the "Enable Two-Factor Authentication for this user" checkbox → Save
  3. Log out of the console and log in using the above user's credentials → Scan the on-screen barcode using a mobile phone scanner app → Insert the Authentication Code → Submit

 

Expected Behavior: Successful login
Actual Behavior: "Whitelabel Error Page" / Error message "User has reached the maximum allowed number of failed login attempts. The Account is now locked, please contact System Administrator"

** Unlocking the user or resetting the Two-Factor Authentication token will not affect the error message.

Solution

To remediate this issue, the user must delete the Google Authenticator account within the Google Authenticator app, then select "Add account" and rescan the on-screen barcode.

Following this action, 2FA login will work as expected.

 

** Deleting the Google Authenticator account and adding the new account should be performed in the Google Authenticator application on the user's mobile device.
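The following is an added illustration, not Fortinet's code. It assumes the console validates standard RFC 6238 TOTP codes (the scheme Google Authenticator generates) and shows how an authenticator entry holding an earlier enrollment secret produces codes that never verify, so repeated attempts end in a lockout, while a freshly scanned entry succeeds. The secrets, the lockout threshold of 3 and all function names are constructed for this sketch.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and dynamic truncation (RFC 4226)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(server_secret: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code for the current 30 s step or one step either side."""
    return any(
        hmac.compare_digest(totp(server_secret, unix_time + drift * 30), submitted)
        for drift in range(-window, window + 1)
    )

def simulate_logins(server_secret: str, phone_secret: str, start_time: int,
                    max_failures: int = 3) -> str:
    """Hypothetical lockout policy: lock after max_failures bad codes."""
    for attempt in range(max_failures):
        now = start_time + attempt * 30
        if verify(server_secret, totp(phone_secret, now), now):
            return "login ok"
    return "account locked"

# Constructed sample secrets (the first is the RFC 6238 test key, base32-encoded).
CURRENT_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # secret in the on-screen barcode
STALE_SECRET = base64.b32encode(b"old-enrollment-key!!").decode()  # old app entry

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    print("stale entry  :", simulate_logins(CURRENT_SECRET, STALE_SECRET, t0))
    print("rescanned    :", simulate_logins(CURRENT_SECRET, CURRENT_SECRET, t0))
```
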
