MFA issue with multiple organisations

Question

MFA issue with multiple organisations

Jacob Duijzer 21

Recently I had to re-add my MFA authentication because it was not correctly configured (or that's what they told me). Since I did this, I am unable to login into two other organizations. I have two AD tentants (one from my organization, one I created myself for testing purposes). I also have an AD B2C tenant. When I am logging in into portal.azure.com/{organization-tenant-id} I am able to login and use MFA. When I want to switch to one of the other organizations, my authenticator app throws an error and I an unable to login.

To verify my identity, when not being able to use the app, I can choose "Approve in app" or use verification code in app, which I can't because of the error. }

The error in my Authenticator app is: "error finding an account to complete multi-factor authentication. you may need to add the account again".

Is there anyone who can help me in the right direction? I have tried several things but currently I am lost. Tried: disabling MFA in my main account, re-adding my account in the app, rebooted my phone and some other things.

JamesTran-MSFT 34,231 Reputation points Microsoft Employee

2022-03-28T23:02:09.747+00:00
@Jacob Duijzer
Thank you for your post!

Are you able to access aka.ms/mfasetup for either of your tenants that you can't access, or does this require you to authenticate via the app as well?

What tenant are you logging into successfully with MFA?

Is the issue only occurring when you switch tenants to your Organization's tenant and Personal tenant?

When it comes to your two tenants (Org and Personal), if you have other users within your tenant, they should be able to add another authentication method for you. This way you can use the text/call option to sign-in.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Jacob Duijzer 21 Reputation points

2022-03-29T06:18:05.49+00:00
Thanks for taking the time to answer.

I can access aka.ms/mfasetup but I guess thats only for the tenant I can log in to as I don't see any organization there and the screen to send SMS works

I can only log into the organizational tenant, not into the tenant(s) I created myself

I am unable to access any personal tenant, both the B2C and the ADD tenant. I created them all with the same account.

Kind regards,

Jacob
Diolo Esguerra 1 Reputation point

2022-11-28T07:23:53.147+00:00

@Jacob Duijzer

Hi, is your issue now solved? I am experiencing the same, I am thinking of reaching out to MS support, but you might be able to help me.

Thank you

JamesTran-MSFT 34,231 Reputation points Microsoft Employee

2022-03-28T23:02:09.747+00:00

@Jacob Duijzer
Thank you for your post!

Are you able to access aka.ms/mfasetup for either of your tenants that you can't access, or does this require you to authenticate via the app as well?

What tenant are you logging into successfully with MFA?

Is the issue only occurring when you switch tenants to your Organization's tenant and Personal tenant?

When it comes to your two tenants (Org and Personal), if you have other users within your tenant, they should be able to add another authentication method for you. This way you can use the text/call option to sign-in.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Jacob Duijzer 21 Reputation points

2022-03-29T06:18:05.49+00:00

Thanks for taking the time to answer.

I can access aka.ms/mfasetup but I guess thats only for the tenant I can log in to as I don't see any organization there and the screen to send SMS works

I can only log into the organizational tenant, not into the tenant(s) I created myself

I am unable to access any personal tenant, both the B2C and the ADD tenant. I created them all with the same account.

Kind regards,

Jacob
Diolo Esguerra 1 Reputation point

2022-11-28T07:23:53.147+00:00

@Jacob Duijzer

Hi, is your issue now solved? I am experiencing the same, I am thinking of reaching out to MS support, but you might be able to help me.

Thank you

Answer 1

JamesTran-MSFT 34,231 Microsoft Employee

@Jacob Duijzer
Thank you for following up on this!

Since you can't access any of your personal tenants, and you don't have any other users that can add additional authentication methods (phone/email) for you. I'd recommend reaching out to our Support Team through an Azure Support Request, if you have this capability within your Organization's tenant, or you can reach out using the customer service number for your country/region.

For future reference, I'd also recommend creating and managing an emergency access account in Azure AD, this will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in or activate another user's account as an administrator.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

Jacob Duijzer 21 Reputation points

2022-03-31T18:21:31.443+00:00

Thanks, good advice! My organization just requested support from MS, just waiting for feedback from their side.
Jun Fernandez 0 Reputation points

2023-03-24T01:04:03.97+00:00

Hi @Jacob Duijzer was this issue resolved? Just asking as I am currently having the same problem.
Jacob Duijzer 21 Reputation points

2023-03-24T05:54:34.1+00:00

Yes, it has been resolved. I somehow managed to have an environment without any administratieve user. Someone from Microsoft had to take over my environment to add a user. It took some days and signing some documents because of legal rights too, if I remember correctly. Lesson learned: create an extra administratieve account as soon as you can

Answer 2

Andy David - MVP 134.1K MVP

Do you have access to "Require Reregister MFA" in those other tenants?

https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options

Jacob Duijzer 21 Reputation points

2022-03-28T19:40:09.55+00:00

No I do not, but I have seen this option when my administrator shared his screen. Not sure if this will work though because he was not able to see my organizations and I guess this will only reset my mfa-setup for the main, organizational tenant.

MFA issue with multiple organisations

1 additional answer

Activity