Overview
Identify, monitor, and resolve Multi-Factor Authentication (MFA) related issues to restore secure access and maintain business continuity. By effectively managing MFA errors, you can reduce downtime, prevent unauthorized access, and ensure a secure experience.
Who uses this feature
Administrators
Applies to all business types
Applies to all trades
Feature configuration
Account configuration is required to use this feature. Please contact Technical Support for details.
View MFA error logs
On the MFA screen, click More
.Select the View MFA error logs option.
On the Multi-Factor Authentication Errors window that opens, you can:
Search for the error log
Filter by date
Filter the type by:
Account Lock
Cooldown Activated
MFA Provider Failure
Not My Number
Lock employee or technician account
On the Security screen, click More
.Select Lock user Account.
In the confirmation window that opens, click Lock Account to proceed with locking the employee or technician account, or click Cancel to dismiss the action.
View MFA errors and system messages
Account lock
After multiple failed MFA attempts, the system locks the employee or technician account and displays a message prompting them to contact their administrator.
Code resend cooldown period
Note: You can reset the 1-hour MFA setup cooldown so you can try again right away.
After five failed verification attempts, employees or technicians receive a cooldown error message and must wait before trying again.
Not my number
If the displayed phone number is incorrect, employees or technicians can click It's not my phone number. The system displays an error message.
An error message appears.
The account is locked after multiple failed login attempts.
If the session times out, a Session Expired error message is displayed.
Use recovery codes
You see your recovery codes only when you first log in. Save them in a secure location, as you need one if you lose access to your mobile device.
Note: Recovery codes are shown to users with an Administrator role only. The order of codes is important, and if you don't save them, there's no way to recover them.
1. 670428962800532 | 2. 6704289626800532 |
|---|---|
3. 6704289626800532 | 4. 670428962680532 |
5. 670428962680532 | 6. 670428962680532 |
7. 670428962680532 | 8. 670428962680532 |
9. 670428962680532 | 10. 670428962680532 |
Troubleshoot MFA errors
During the MFA process, employees or technicians may encounter the following errors:
Incorrect phone number: The phone number the employee or technician enters doesn't match the one associated with their account.
Account lock: Employee or technician account is temporarily locked due to multiple failed login attempts.
Cooldown: The system temporarily blocks additional verification attempts after too many failed MFA submissions.
SMS failure: The system is unable to send the verification code by SMS.
MFA provider failure: The system was unable to retrieve data from the MFA provider, for example, Twilio, and the request failed with the Error Code: 500
FAQ
What triggers an MFA cooldown period?
A cooldown starts after 10 consecutive SMS code requests without successful verification.
How long is the MFA cooldown period?
The cooldown lasts one hour. If another verification is initiated during this time, the cooldown resets for another hour.
When does the Session Timeout screen appear?
It appears when:
You enter your password and reach the code entry screen.
You receive the code but take no action for 30 minutes.
After timeout, entering the code redirects you to an error page.
Why can't users log in after MFA is enabled?
Browser cache issues: Have the user clear their browser cache and cookies, or try using an incognito window.
Outdated mobile app: Users must have the latest version of the ServiceTitan Field Mobile App. The old app does not support MFA.
Incorrect credentials: Users must enter their username, not their email address, when logging in.
Account lock: After 10 unsuccessful login attempts, the account will automatically be locked for security reasons.
Account cooldown: If users receive a login error, have them wait for the cooldown period to expire before trying again.
If a user receives codes but still gets a Login Failed error, have them uninstall and reinstall the mobile app, clear saved passwords, and disable any remember me features.
Why doesn't password reset work when MFA is enabled?
If a user cannot receive MFA codes, you must temporarily disable MFA for them, complete the password reset, and then re-enable MFA after they have logged in successfully. Setting a temporary password while MFA is active may cause login issues.
What should I do if MFA codes are not being sent or are delayed?
Phone number provisioning: New numbers can take up to some time to become active in our system.
SMS service delays: There may be temporary service issues or outages.
Incorrect phone number format: Verify the number is correctly formatted in the user's profile. To troubleshoot, check the MFA error logs by going to Settings > Security > MFA > More > View MFA error logs. If delays continue for more than 24 hours, Contact ServiceTitan technical support.
What do specific MFA error messages mean?
MFA Mobile Number is incorrect. Contact your administrator: The phone number in the user's profile doesn't match the number receiving the codes, or the number is incorrectly formatted.
Your account is in a cooldown period: Too many failed verification attempts occurred; you must wait one hour before trying again.
Value is required when MFA is enabled: Indicates a missing Allow Manage MFA permission.
Activity Id: 00-[string]: This is a system authentication error. Try reinstalling the app or clearing your browser cache.
For more, see Resolve and manage MFA errors.
Are there browser or device requirements for MFA?
MFA works best with the latest version of Google Chrome. If you experience issues, clear your browser's cache and cookies, or try using an incognito window. On mobile devices, ensure the ServiceTitan Field Mobile App is updated to the latest version.
What happens if I replace my device, will I be locked out of my account?
You will not be locked out. We have safeguards in place for device loss or replacement, depending on the authentication method you use:
For SMS: Since the code is linked to your phone number, you will immediately start receiving SMS codes on your new phone.
For Authenticator App (TOTP): If you use an authenticator app, such as Google or Microsoft Authenticator, that supports cloud backup, you can restore your tokens to your new device simply by logging into that app.
Recovery and Admin Control: If you can't restore your authenticator app, or if you change your phone number, your administrator has the ability to easily disable or reset your MFA setup from the user profile. This allows you to regain access and re-enroll your new device.
Phone number is already in use?
This can happen if a number is assigned to an active or inactive account. Contact ServiceTitan technical support to have the number cleared from the system.
Users can't log in after MFA is enabled?
Check if you followed the bulk enablement process correctly. Clear the browser cache, ensure the mobile app is up to date, and have users enter their username instead of their email.
Codes are not being received or are delayed?
Verify the phone number format, check the MFA error logs, and remember that new numbers can take up to some time to become active.