Users may forgot a password or didn't register VIP code in order to use the Client net portal 2FA. Therefore, even If we pass the first authentication (login and password accepted), You are still unable to access the Client Net portal due to a missing VIP security code.

Email Security.cloud

2 Factor Authentication is enabled for all the users of the Client net portal, if the VIP code is missing then the access is denied. 

To workaround the access Issue, Admin or Support can temporary disable 2FA authentication in the Client Net portal under Administration > Access Control. 

Alternatively, The requester for the Client net access can install the Symantec Validation & ID Protection (VIP)   and then share the VIP code with the support so they can ensure the correct code is mapped.