MFA User Registration Issue

Nareg Phoenix 0 Reputation points
2023-06-02T12:48:19.4033333+00:00

Hello Team,

We have several users inside of a group who are facing the issue below.

Several actions were carried out on our side.

Here are the stages of the 2 tests we carried out:

Scenario 1:

  1. When attempting to connect to O365, the authentication method setup is requested.
  2. The user clicks on the link and starts the process.
  3. The QR code is scanned with the app authenticator and the error message appears.

Scenario 2:

  1. From the authenticator, we try to add a business or school account.
  2. The login page is opened.
  3. After successful login, the user is presented with the error message.


Error message: "The account you are trying to add is not valid at this time. Contact your administrator to resolve this issue (uniqueness validation)."

Additional notes:

  • The users are not blocked.
  • The remaining users have registered MFA without complications.

Thank you.

Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator

2 answers

  1. Matthew Beechey - Mobius 6 Reputation points
    2023-10-27T00:40:56.51+00:00

    I have just been working with this exact issue. Whenever I tried to register a Global Admin account (Unlicensed just used for Admin) with Microsoft Authenticator I would get this error.

    Also if I tried to use SMS for MFA it would fail with a generic error message.

    I then happened to be in Entra and looking at the account's Contact info (luckily we made another Global Admin account that works). I noticed the email address for alternate address was out of date. When I tried to edit that and save it, I got a more useful error:

    Failed to update user
    Update would cause the user to have a proxy address already present on user "John Smith". Click on the notification to see the conflicting user.

    So it turned out that the Global Admin's login account was ******@tenantdomain.co.nz, where there was a user with the same address as an email alias. As soon as I deleted that email alias, everything started working with the main admin account.

    Obviously in the past 365 allowed you to have a non-licensed user with a username that was the same as an email alias assigned to a mailbox, but now that breaks things with AzureAD/Entra and MFA etc.

    I've changed the Global Admin's login name back to the onmicrosoft.com FQDN, so hopefully I'll be able to put the user's email alias back at some point.

    I spent a bit of time bouncing errors back to a 365 support person and was just at the point of it being escalated to someone from the MFA team when I got that more useful error when attempting to give her more info.

    1 person found this answer helpful.

  2. VasimTamboli 5,215 Reputation points
    2023-06-02T15:32:05.2633333+00:00

    Hello Nareg Phoenix,

    The error message you mentioned, "The account you are trying to add is not valid at this time. Contact your administrator to resolve this issue (uniqueness validation)," indicates that there might be an issue with the MFA (Multi-Factor Authentication) user registration process for the affected users. Here are a few suggestions to troubleshoot this problem:

    Verify User Accounts: Ensure that the user accounts attempting to register for MFA are valid and active. Confirm that their accounts are properly provisioned and have the necessary permissions to enable MFA.

    Check User Attributes: Review the user attributes, such as usernames or email addresses, to ensure they are unique and not conflicting with any other user accounts or identities in your system. The error message references "uniqueness validation," so it's possible that there might be a conflict with the user account attributes.

    Check MFA Configuration: Review your MFA configuration settings to ensure they are correctly configured. Double-check that the MFA settings align with your organization's requirements and that any restrictions or limitations are appropriately set.

    Verify Authenticator App: Ensure that the authenticator app being used for MFA registration is compatible and up-to-date. Check if there are any specific app versions or requirements mentioned by your organization or the MFA provider.

    Contact Administrator or Support: If the issue persists, it would be advisable to reach out to your administrator or the MFA support team for further assistance. They can investigate the specific error message and troubleshoot the MFA registration issue for the affected users.

    By following these steps and involving the appropriate support channels, you should be able to resolve the MFA user registration issue. It's essential to ensure that all necessary user attributes are unique, the MFA configuration is accurate, and any potential conflicts are addressed.

    If you have any additional questions or need further assistance, please feel free to ask.

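The conflict described in the first answer (a sign-in name that matches another user's email alias) and the attribute check suggested in the second can be looked for across a whole tenant export. This is an added example, not code from either answer or from Microsoft; it assumes users were exported as JSON with the Microsoft Graph user properties `id`, `displayName`, `userPrincipalName`, `mail` and `proxyAddresses`, compares addresses case-insensitively, and uses constructed sample data on the placeholder domain `contoso.example`.

```python
import json
from collections import defaultdict

# Constructed sample export, shaped like Microsoft Graph user objects.
# Names and the contoso.example domain are placeholders, not real data.
SAMPLE_EXPORT = json.loads("""
[
  {"id": "u1", "displayName": "Admin Account",
   "userPrincipalName": "Admin@contoso.example", "mail": null, "proxyAddresses": []},
  {"id": "u2", "displayName": "John Smith",
   "userPrincipalName": "john.smith@contoso.example", "mail": "john.smith@contoso.example",
   "proxyAddresses": ["SMTP:john.smith@contoso.example", "smtp:admin@contoso.example"]},
  {"id": "u3", "displayName": "Jane Doe",
   "userPrincipalName": "jane.doe@contoso.example", "mail": "jane.doe@contoso.example",
   "proxyAddresses": ["SMTP:jane.doe@contoso.example", "X500:/o=Org/cn=jane"]}
]
""")

def normalize(address):
    """Lower-case an address and strip a leading smtp:/SMTP: prefix."""
    addr = address.strip().lower()
    return addr[5:] if addr.startswith("smtp:") else addr

def claimed_addresses(user):
    """Yield (address, attribute) for every address-like value on a user."""
    yield normalize(user["userPrincipalName"]), "userPrincipalName"
    if user.get("mail"):
        yield normalize(user["mail"]), "mail"
    for proxy in user.get("proxyAddresses") or []:
        if proxy.lower().startswith("smtp:"):  # skip X500, SIP and other types
            yield normalize(proxy), "proxyAddresses"

def find_collisions(users):
    """Return {address: [(displayName, attribute), ...]} for addresses
    claimed by more than one distinct user."""
    owners = defaultdict(dict)
    for user in users:
        for addr, attr in claimed_addresses(user):
            # Record each user once per address, keeping the first attribute seen.
            owners[addr].setdefault(user["id"], (user["displayName"], attr))
    return {a: sorted(o.values()) for a, o in owners.items() if len(o) > 1}

if __name__ == "__main__":
    for addr, holders in find_collisions(SAMPLE_EXPORT).items():
        print(addr, "->", holders)
```

Any address it reports is held by two accounts; removing the alias or changing the sign-in name on one of them is the fix the first answer arrived at.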
