MSSP console with MFA/2FA disabled unable to switch to tenants with MFA/2FA enabled
Article ID: 288576
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- MSSP org does not have 2FA enabled
- Customer tenant has 2FA enabled
- Switching orgs displays this error: "Failed to switch to <tenant.name>. Two-factor authentication is disabled in the parent organization"
Environment
- Carbon Black Cloud console: March '24 release (1.24)
- MSSP org
Cause
As per this announcement:
On March 14th 2024, a change will be made to Authentication for MSSP organizations. To switch to a child org that has MFA enabled, the parent org will also require MFA to be enabled. Please enable MFA on parent MSSP orgs to avoid losing access to child orgs.
Resolution
- If 2FA is not enabled in the MSSP console, it is now expected as of 14th March 2024 to not be able to switch to tenants with 2FA enabled.
- MFA must be enabled on the MSSP org to allow access to customer orgs with MFA/2FA enabled.
- With the move to AuthHub for Authentication this should no longer be an issue, but if it is please reach out to support.
Additional Information
- Error: "Unable to switch to <tenant.name>" has been seen on some instances but is not expected.
- If an unexpected error is faced, please collect a HAR capture and contact Carbon Black support
Feedback
Yes
No
Powered by
