This error message could be displayed due to any of the following:
Cause 1: The device verification method (such as the Windows Hello PIN or Android biometrics) was unsuccessful, the user deliberately closed or cancelled the prompt, or the session expired.
Solution: The user must attempt verification again.
Cause 2: If the platform authenticator's configuration in the OS has been reset (for instance, if the YubiKey is reset or the Windows Hello PIN is changed) or deleted, the passkey information is removed from the device. The old passkey enrollment, however, remains in Identity360, which may cause issues.
Solution: The existing passkey enrollment in Identity360 needs to be disenrolled. Users should then re-enroll their passkey to restore proper authentication.
Note: This method will not work if you have disabled login for partially enrolled users in your organization; in that case, the user should use the backup code or any other optional MFA factors they have enrolled in.
This error might be displayed during any of these scenarios:
Cause 1: The admin changes User Verification from Discouraged or Preferred to Required.
When User Verification is set to Required, users will be prompted to provide additional verification, such as a PIN or biometrics, after inserting their device. If the users have not set up additional verification on their devices, they will be unable to complete the verification process and will be locked out.
Solution: The user must configure the additional verification factors (such as a PIN or biometrics) supported by their device and attempt authentication again.
Cause 2: The FIDO2 passkey configuration in Identity360 was initially set up with User Verification set to Required, but devices that support U2F may not support additional verification.
Solution: The admin must either set User Verification to Discouraged or Preferred, or users must enroll devices that support additional user verification.
Cause 3: Users are attempting authentication from an Android phone that does not support additional user verification for security keys. Google introduced support for this feature in Google Play services v23.35, released in September 2023. Devices that have not been updated to this version or later may not support additional verification.
Solution: Users must download and install the latest Android system update to enable additional verification support on their phones.
Cause: The user's FIDO2 passkey may not support the public key cryptographic algorithms that Identity360 currently supports (ES256 and RS256).
Solution: Since algorithm support is determined by the passkey provider and cannot be changed by the user, please contact Identity360 support at identity360-support@manageengine.com.
Cause: The browser sends an incorrect passkey type, restricted by the admin, in the enrollment or authentication response.
Solution: Try updating your browser or using a different one. If the issue persists, please contact Identity360 support at identity360-support@manageengine.com.
Cause: An unforeseen issue occurred during passkey enrollment or authentication.
Solution: Please contact Identity360 support at identity360-support@manageengine.com for assistance in diagnosing and resolving the issue.
Copyright © 2024, ZOHO Corp. All Rights Reserved.