Multifactor authentication and system clone

stevemac
Tera Guru

Hi,

We recently enabled multifactor authentication (MFA) in all of our instances. All users with the "admin" role are configured to use it. No problems experienced.

Yesterday we performed our first clone from Prod to sub-prod overnight since MFA was implemented. MFA is now not working in sub-prod. Generating a new code for a user addresses the issue.

Comparing prod and sub-prod, the issue appears to be the User Multi-factor Authentications [user_multifactor_auth] table. Sub-prod now has production's values & I assume the Multi Factor secret value is incorrect.

Wondering if anyone else has run into this? I plan to create clone exclude table and clone preserve data entries for the table [user_multifactor_auth]. Is there anything else that needs to be done?

thanks,

Steve

7 REPLIES

Charlotte Pakes
Tera Guru

Hi,

This post was really useful for setting up cloning to behave with MFA and worked fine in New York. However, we're now finding in Paris that clones seem to be clearing out entries in the user_multifactor_auth table despite the preservers. 

Anyone managed to resolve this or am I best raising something with Hi? You would've thought an article in the documentation on configuring cloning with MFA would be a no-brainer...

Thanks,

Charlotte

We got the answer from Hi in the end. In case it is useful for anyone else:

Paris onwards you need to set up a Clone Profile to apply to the data preservers.

Tim Grindlay
Kilo Sage

In recent clones we've had mixed success with preserving this table. On Monday we cloned to our UAT environment (with preservers and excludes on user_multifactor_auth) and were able to log in fine afterwards. We encountered an unrelated issue and re-cloned last night. This morning no one could log in. On the MFA screen we got the error "Your passcode is incorrect, please try again with a correct code". Production codes didn't work and multiple attempts would lock the accounts. Managed to get in eventually by using the "Receive a code via email" link - luckily we have a post clone script to re-enable email sending automatically. Once we log in with the temporary email code, the original MFA codes start working again. Currently have a case logged with Now Support so will report back with findings unless anyone can enlighten what's going on.
