Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Two-Factor (2FA) / Multi-factor (MFA), Backup Codes
Environment: Huntress.IO management portal
Summary: Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) troubleshooting and reset options.
How to Troubleshoot your Huntress 2FA
How to Reset your Huntress 2FA
Approved 2FA Applications
Huntress currently supports 2FA TOTP/OTAP apps like Duo Authenticator, Google Authenticator, and Microsoft Authenticator.
Some web based 2FA tools, such as LastPass Authenticator or 1Pass Authenticator will also work.
SMS and text based 2FA is not available
How to Troubleshoot your Huntress 2FA
Scenario 1: New phone, can't access the Huntress portal
If you saved your Huntress backup codes, follow Scenario 1 under How to Reset your Huntress 2FA. If you did not save your codes, or if you have misplaced them, skip to Scenario 2 under How to Reset your Huntress 2FA.
Scenario 2: Same phone, 2FA is just not working
- Check the time on your phone and compare it to the time on the device you are trying to access Huntress from and confirm they are the same time. 2FA codes are time sensitive, so if the time on both devices does not match, 2FA may not work as expected.
- Does this same issue occur in a different browser or incognito window or does it occur across browsers?
- Does this same issue occur on a different device (ie: another computer)?
- Is your authenticator app up to date?
- If you recently reconfigured 2FA, do you still have the old 2FA connection added to your 2FA app? If so, be sure to remove it and that you are using the correct authentication app and new set of codes.
-
Duo specific errors may be as a result of communication errors between the Huntress portal and the Duo portal. See the Use Duo Mobile for Two-Factor Authentication guide for initial troubleshooting, otherwise, reach out to Huntress support for guidance.
Scenario 3: I use Single Sign On for the Huntress portal, I should not be getting 2FA prompts from Huntress
If the admin has not already done so after setting up SSO, additional steps will be required to disable 2FA. This must be done at the account level, as well as at an individual user level. 2FA cannot be disabled if SSO is not fully enabled, enforced, and verified.
How to Reset Your Huntress 2FA
Scenario 1: Use Your Backup Codes (Fastest option)
If you saved your Huntress backup codes from when you first configured your account, use a backup code to sign in to the Huntress portal one time. Once in, you can reconfigure your 2FA by choosing the hamburger menu drop down on the top right, go to the Preferences tab, then delete your old 2FA to set up a new one.
If you haven't already, be sure to generate your backup codes and store them for future use!
No backup code? Skip to Scenario 2.
Scenario 2: No Backup Codes, Request a Recovery Link from an Admin (Recommended alternate option)
Reach out to an admin on your account. Usually, this is the person from your IT/MSP who set up your account originally. The admin can send a recovery link (a one time access code) which will allow you to sign in to the Huntress portal. From there you can reconfigure your 2FA by choosing the hamburger menu drop down on the top right, go to the Preferences tab, then delete your old 2FA to set up a new one.
The admin is not available! Skip to scenario 3a.
I'm the only admin! Skip to scenario 3b.
Scenario 3a: I do not have a backup code and the admin is not available
This process can cause delays when accessing your account. If you have not already, be sure to save your backup codes after recovering your account!
If you are able to reach your IT/MSP admin, and you do not have your backups codes, reach out to Huntress support. The support team will then reach out internally to get an authentication process started to verify who is asking for the reset and that the request is legitimate. Once the process is completed, either support or another representative will send you a recovery code to sign in one time. When you connect to the portal, reconfigure your 2FA by choosing the hamburger menu drop down on the top right, go to the Preferences tab, then delete your old 2FA to set up a new one.
Scenario 3b: I am the only admin on the account, but I do not have a backup code
This process can cause delays when accessing your account. If you have not already, be sure to save your backup codes after recovering your account!
If you are the admin who requires a 2FA reset, and no other admin is available and you do not have a backup code to use, contact Huntress Support. The support team will then reach out internally to get an authentication process started to verify who is asking for the reset and that the request is legitimate. Once the process is completed, either support or another representative will send you a recovery code to sign in one time. When you connect to the portal, you can reconfigure your 2FA by choosing the hamburger menu drop down on the top right, go to the Preferences tab, then delete your old 2FA to set up a new one.
Scenario 4: I am a reseller and need to reset 2FA for my customer
Resellers cannot reset MFA for their customers (child accounts). Please reach out to support to have the MFA reset. We will verify the request, then send a recovery link to the end user.