Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
gorr
New Member - Level 1
‎Oct 20, 2023 11:44 AM
‎Oct 20, 2023 11:44 AM

2FA failures for all users

Good afternoon,

The 2FA QR code and also the bypass code are saying failure when all of our users try to login. We have used the copy and paste method and also the QR code on our cellphones. What advice can you give on how to remedy? All users are experiencing the same issue.

2 people had this issue.
Labels
1 Solution
Solution
rphelps
Occasional Member - Level 3
In response to jwestbrooks1
‎Oct 20, 2023 01:38 PM
‎Oct 20, 2023 01:38 PM

2FA Setup Guide (pef.org)

Something that is online and has step by step.  Pretty good resource.

or this one

2FA Setup Guide (natca.org)

View solution in original post

0 Kudos
9 REPLIES 9
MelanieT
SAP Concur Employee
SAP Concur Employee
‎Oct 20, 2023 12:23 PM
‎Oct 20, 2023 12:23 PM

@gorr Hello!

 

There are a few potential reasons why the system may not be recognizing the code that was entered. Please see below the potential reasons and how to fix them:

Scenario 1: User has not added their SAP Concur account on an authenticator app or extensions and is entering the manual key in the Authentication Code field:

The Authentication Code field is where you should enter the 6-digit code generated by the Authenticator app of their choosing, after you added the account in the authenticator app using the key provided by SAP Concur.
 
To set up 2FA, you should download an authenticator app (if you don't have one already) and add an account within the authenticator app, using either the QR code or the manual key. After the account is added, the authenticator app will display a 6-digit code that you should copy and then enter in the Authentication Code field in the SAP Concur Sign In page. More details on how to set up 2FA can be found in the article How do I enroll for SAP Concur 2FA?

Scenario 2: The code that the user is trying to enter has already expired:

The authentication code is time-based and expires every 30 seconds. Please make sure that the authentication code entered is still active in the authentication app.

Scenario 3: The time on the user's mobile device is not synchronized:

Please follow the below steps to fix this issue:

iOS devices:

  1. Go the phone Settings
  2. Scroll down and click on General
  3. Scroll down and click on Date & Time
  4. Select Set Automatically to true
  5. Close and reopen the authenticator app
  6. Enter the authentication code in SAP Concur again

Android devices:

  1. Go the main menu of the authenticator app
  2. Click on the three dots on the top right hand side
  3. Click on Settings
  4. Select Time correction for codes
  5. Click Sync now
  6. The message displayed will confirm if the time has been synchronised or if it was already correct
  7. Close and reopen the authenticator app
  8. Enter the authentication code in SAP Concur again

Scenario 4: The user has simultaneously opened the 2FA enrollment page in more than one browser. They then added the account using the QR code or secret key from the first window that was opened:

Every time you open the enroll in 2FA page, we initialize the 2FA secret on the database and a unique QR code and secret key are displayed. However, we only honor the latest initialized secret. Therefore, if you opened the enroll in 2FA page in two different browsers, or in a browser and in the mobile app, the only QR code and manual key that will work will be the ones from the page that was opened last. If that is the case, you should delete the account you had created in the authenticator app or extension, and add a new account using the latest generated QR code or manual key.

If none of the above scenarios fix your issue, please try to delete the account you had created in the authenticator app or extension and add a new account, to troubleshoot the issue.

If the error persists, please create a case with SAP Concur Support, providing the troubleshooting steps you tried already, the name of the authenticator app or extension that you are using and a screenshot of the error.

 

Remember to tag me if you respond or feel free to mark this post as Solved if you don't have further questions or comments. To tag me on your response, you click the Reply button, first thing to type is @. This should bring up the username of the person you are replying to.


Thank you,
Melanie Taufen
SAP Concur Community Moderator
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
0 Kudos
gorr
New Member - Level 1
‎Oct 20, 2023 12:31 PM
‎Oct 20, 2023 12:31 PM

gorr_0-1697830232718.png

Thank you for answering, This is what we are getting when we try to setup on website. I just tried this so code is fresh.

0 Kudos
gorr
New Member - Level 1
In response to gorr
‎Oct 20, 2023 12:32 PM
‎Oct 20, 2023 12:32 PM

And I have been on hold with support now for one hour and 18 minutes waiting to speak to someone live

0 Kudos
jwestbrooks1
Occasional Member - Level 3
In response to gorr
‎Oct 20, 2023 01:25 PM
‎Oct 20, 2023 01:25 PM

there are not good instructions for this - that long string of text actually needs to be pasted into an authenticator and then a 6 digit code will be given to you to log in. 

 

0 Kudos
Solution
rphelps
Occasional Member - Level 3
In response to jwestbrooks1
‎Oct 20, 2023 01:38 PM
‎Oct 20, 2023 01:38 PM

2FA Setup Guide (pef.org)

Something that is online and has step by step.  Pretty good resource.

or this one

2FA Setup Guide (natca.org)

0 Kudos
gorr
New Member - Level 1
In response to rphelps
‎Oct 20, 2023 02:40 PM
‎Oct 20, 2023 02:40 PM

Thank you, I needed to change the authenticator to DUO instead of Google (which we allow/have also) so that worked. Based on your attachment it made me try a second authenticator so I appreciate it.

0 Kudos
rphelps
Occasional Member - Level 3
In response to gorr
‎Oct 20, 2023 01:40 PM
‎Oct 20, 2023 01:40 PM

2FA Setup Guide (pef.org)

Something that is online and has step by step.  Pretty good resource.

or this one

2FA Setup Guide (natca.org)

0 Kudos
carlosgomez
Occasional Member - Level 1
In response to gorr
‎Oct 30, 2023 11:52 AM
‎Oct 30, 2023 11:52 AM

For anyone getting this error, the issue is that they are scanning the QR code with the phone's camera directly, not with an Authenticator app (notice how the key matches in the screenshot above). To resolve this, install an Authenticator app allowed by your organization, and then follow the steps for that app to add a new entry (which requires scanning the QR code, or entering the key manually). Hope this helps.

cheesus23
New Member - Level 2
‎Nov 22, 2023 08:22 AM
‎Nov 22, 2023 08:22 AM

we have been having this issue, that when 2fa is set or or trying to set up the 6 digit code is never accepted

 

we tried via verified ID's in the auth app to no avail

 

after some digging found a fix

 

for a quick explanation behind it:

if you have SAP open in 2 chrome tabs, tab 1 gives the QR, you then lopad on tab 2 and get the QR, and scan from tab 2 - it fails, as it requires the original QR from tab 1
my company had the setting to email a QR code link to users when setting up MFA, which i beleive is causing the above, the original log in tab has an "Invisible" qr of sorts, and the emails link generates an invalid 2nd QR code
we switched off the email QR link, and reset users MFA, and so far all tested ones have worked first time

se below for the setting at the bottom

SAP.JPG

0 Kudos
SAP Concur Community
SAP Concur
SAP
Additional Resources
© Copyright 2024 Concur Technologies, Inc. All rights reserved.
Privacy Policy|Terms of Use|Do Not Share/Sell My Personal Information|