Showing results for 
Search instead for 
Did you mean: 
Active Contributor

Admin Console shows incorrect MFA status for some users

Our LastPass Enterprise Admin Console reports that some users do not have Multifactor enabled when they are actively using various MFA options to log in.

We have 2 YubiKey users, 2 Google Authenticator users, 1 Authy user, and 1 Tofu user on a mix of browser extensions (at least Chrome and Brave).
We are using the "Require any MFA option after grace period" policy and the affected users are past the grace period.
I've verified with one YubiKey+Chrome user that the YubiKey is configured and is shown as being Enabled in their enterprise account. The other users report needing to use MFA to log in but I have not asked them all to re-configure it since it seems more to me like something on the admin console side.

We have other users using the same MFA options (especially Google and YubiKey) which are shown correctly in the Admin Console. I haven't been able to find any other similarities between the affected users with regard to when they were added to the enterprise, differing groups, or other policies.

Since these users are actually logging in with MFA it seems to me like there is just some issue with propagating that information to the UI. It would be great to resolve so that we can trust the reporting and I know who to bother about their MFA 😉