[Notification] We're upgrading the JumpCloud Support Center the week of September 30th.

Support Center

Google Authenticator Code Fails with JumpCloud Multi-factor Authentication


Google Authenticator generates a TOTP token, but it will not authenticate for any MFA enabled resource.



Multi-factor or "Two-Factor" apps like Google Authenticator implement what is called the Time-Based One-Time Password (TOTP) algorithm. It has the following ingredients:
  • A shared secret (a sequence of bytes)
  • An input derived from the current time
  • A signing function

Because the algorithm is signing (or rather, generating the MFA code) based on the time of the mobile device, it is important that the device has an accurate time within 60 seconds´╗┐ for Google Authenticator to properly generate the authenticator code for access so that it matches the shared secret and time input as expected on the server.



To make sure that you have the correct time in Google Authenticator:
  1. Go to the main menu on the Google Authenticator app.
  2. Click Settings.
  3. Click Time correction for codes.
  4. Click Sync now.
  5. On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in. The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time settings.
Reference: Google's Common issues with 2-Step Verification 

Alternatively, if the TOTP key was lost, you may reset the JumpCloud password to obtain a new key. You may also opt to try a different TOTP token generator such as Duo Mobile or FreeOTP.

Last Updated: May 14, 2019 08:23AM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found