Technical Tip: 2FA Login Error (using Google Authenticator)

YehonatanA · ‎06-13-2024

Description

This article describes how to resolve 2FA 'Whitelabel Error Page'.

When connecting to the management console via 2FA, following Authenticator Code submission, there are cases where one of two errors may occur:

URL Redirect to: 'Whitelabel Error Page - This application has no explicit mapping for /error, so you are seeing this as a fallback.'

Whitelable Error Page.PNG

Console login error message: 'User has reached the maximum allowed number of failed login attempts. The Account is now locked, please contact System Administraton.'

Maximum allowed number of failed login attempts.PNG

Scope

FortiEDR.

Solution

Navigate to Management→ Users→ Create\Edit user
Check the 'Enable Two-Factor Authentication for this user' checkbox → Save'
Log out from the console and login using the above user credentials → Scan the on-screen barcode using the mobile phone scanner app → Insert Authentication Code → Submit.

Expected Behavior: Successful login.
Actual Behavior: 'Whitelable Error Page" / Error message "User has reached the maximum allowed number of failed login attempts. The Account is now locked, please contact System administrator'.

Unlocking the user or Resetting the Two-Factor authentication token will not affect the error message.

Solution:

To remediate this issue, the user must delete the Google Authenticator account within the Google Authenticator app, then select "Add account" and rescan the on-screen barcode. Following this action, the 2FA login will work as expected.

Delete the Google Authenticator account and add a new account should be performed from the user's mobile device Google Authenticator application.

Technical Tip: 2FA Login Error (using Google Authenticator)

You are leaving our website