If the user’s account information required for multifactor authentication is not set properly and it prevents the user from logging in, you can use the MFA Unlock command in Admin Portal to suspend multifactor authentication for 10 minutes—see User Management commands. The user must still enter the correct user name and password and is still prompted to enter the additional authentication factor, however, the Privileged Access Service does not validate anything beyond the user name and password. Consequently, the user can, for example, enter any string of characters to fulfill the SMS confirmation code, and the Privileged Access Service accepts the entry.
To temporarily suspend multifactor authentication for a user:
- Log in to Admin Portal.
- Click Access > Users.
- Right-click the account for the user who is locked out.
Select MFA Unlock
The user has 10 minutes to log in.