FusionAuth

    Preventing Shared Computer MFA Lockouts in FusionAuth

    Frequently Asked Questions (FAQ)
    mfa sso
      wesley

      Lately, we’ve received numerous complaints from customers who share the same computer to log into our application. It appears that individuals select the “remember me” option, which causes other users to become trapped on the two-factor login screen with no way to return and initiate a login as a different user. Is there a solution for this problem? We are currently utilizing version 1.56.0 of FusionAuth and employing the Simple Themes.

        wesley @wesley

        It makes sense that this problem is happening. Once we have an SSO session on the computer/browser, then if MFA is required as part of the hosted workflows, FusionAuth will prompt for it based on the existing SSO session.

        To solve this problem, you could opt to not make use of the FusionAuth SSO session. So, if you are using our Advanced themes, you could remove the option for an SSO session by removing the Keep Me Signed In checkbox from the theme. Using our Simple Themes, you would set the SSO Session to a really short duration in Tenant Settings (2 seconds, for instance), thus effectively removing the SSO session. Both of these options would eliminate the problem described above.

        If you still wanted to generate a FusionAuth SSO session, and you wanted to solve this specific problem, you could use Advanced Themes and hardcode a logout link on this MFA page to allow a user to reset the session and log in again. This same solution is not possible using Simple Themes, but a feature request could be logged if you wanted to see this logout link included in Simple Themes at a later date.

        • W wesley has marked this topic as solved