Updated 18 September 2021
Users experience issues with MFA after the 21.6 update. This has been observed when clients attempt MFA. In the tenant under Activity for a user, Access -> Users -> User (a particular user) -> Activity, a line with "Challenge using OATH, result: Failed" will be seen. In this example it is OATH, but failures can occur with other factors such as SMS, OTP, etc. Cause:
An issue with MFA has been identified when the MFA Redirection feature is enabled for a user. This is configured on the tenant under Access -> Users -> User (a particular user) -> Account.Resolution:
21.6 HF1 was released on Saturday September 18, 2021. This hot fix addresses the following two issues (also listed in the Centrify 21.6 Release Notes
- Resolved an issue where performing step up authentication challenges with a user that had MFA redirect enabled would cause the challenge to fall into an infinite challenge loop (355167).
- Fixed an issue where setting a redirected user and then changing to another user would occasionally revert to the original user.
Some behavioral changes for MFA Redirection were made in the 21.6 release. Please see https://docs.centrify.com/Content/CoreServices/Authenticate/MFARedirection.htm
for documentation on the MFA Redirection feature.
If there are additional questions, please do not hesitate to contact our support team.