This guide explains how SDP site admins can disable a user’s two-factor authentication (TFA) setup.
Troubleshooting with users
Failed validation limit reached
When a user gets 6 attempts wrong in 5 minutes, they are locked out of trying to sign in for 5 minutes.
If a user reports that they have received the ‘Failed validation limit reached’ error:
Check they have been using codes from the TFA application linked with their CMS account.
Their TFA application will show the account username or email near or above the code.
Ask them to wait 5 minutes from when they received the ‘Failed validation limit reached’ error.
If the user replies and is still having issues, you will need to disable the 2FA application setup in their user account so they can set it up again.
Disable/clear a user’s two-factor authentication application set-up
If a user has lost access to their TFA application or it is no longer working, you’ll need to follow the below steps to disable it. The user will then be able to set up a new TFA upon logging in.
Go to the user’s account in the CMS.
Click the TFA tab on the user’s profile.
Click disable TFA.
Enter your password and click ‘disable'.
You will be returned back to the TFA tab of the editor's profile and will see the status message ‘TFA has been disabled’.
The next time the user logs in, they will be required to set up TFA before accessing the CMS.
Needing your two-factor authentication reset as a site admin
If you’re a site admin and need your TFA reset, you can ask another site admin in your team to reset you.
If none of your team members are available, fill out an SDP support request. Be detailed in your request so we can assist you quickly.