Troubleshooting for multi-factor authentication

Alerts and notices
Leave feedback

Internal Employees: Submit feedback

Contact information (optional):

Leave this blank:

Please tell us how we can make this information more helpful.

Characters left:

When assisting users in troubleshooting possible errors, keep in mind the scope of the support we are able to provide. Some restrictions or settings on a user's mobile device (environmental issues) may prevent the mobile app from downloading or errors to occur. If the issue is not specific to the mobile app, this may be outside of the scope of support.

Use the Notes throughout the article for context as to what measures need to be performed in that situation on the side of the device and customize the statement below to convey the appropriate message.

Suggested positioning, "We have worked through the situation to determine the scope of the issue. Based on what we have identified, the issue is on the side of the device. While we can assist you with diagnosing the cause, seek further assistance executing the needed changes from your IT professional, device manufacturer, device operating system support or any combination of these resources in order to configure all of your technology to work together properly."

Thomson Reuters applications provide multi-factor authentication through the Thomson Reuters Authenticator mobile app. Before enabling multi-factor authentication for your login credentials, make sure your mobile device meets the system requirements.

For troubleshooting assistance - after checking system requirements and installing the mobile app on your mobile device - see the appropriate situation or error message below.

"Unable to verify profile" error when enabling MFA for a Thomson Reuters ID via the CS Professional Suite website.

When attempting to enable MFA for a Thomson Reuters ID account, you may receive an "Unable to verify profile" error. To resolve this error, complete the following steps:

Visit the CS Professional Suite website and sign in. When prompted to setup MFA, click Set Up Now to start the setup wizard and pair your device.

  1. If you are unable to complete the setup wizard successfully, continue with the next step.
  2. Clear your browser's cookies and cache by  deleting temporary internet files or cached files.

  3. After clearing your browser cache,  reset or update the password associated with your account.

  4. If these steps do not resolve the issue, contact support for further assistance.
  1. Confirm that steps 1, 2 and 3 were actually completed.
  2. Open EMS, Ctrl+F, enter the user's e-mail address in the e-mail address field, check the Include Archived Firms and Search Firms boxes then click Search. If two or more accounts are found, see the CS CF, do not transfer.
  3. Contact the CF to review troubleshooting already performed to gain permission to put in an  Authentication escalation.

Unable to pair your login credentials with the mobile app.

This error can occur when the Thomson Reuters Authenticator mobile app has not been granted use of the camera on your mobile device, preventing the camera from reading the QR code you receive. To resolve this issue, give the mobile app access to use your mobile device's camera.

Note: Seek assistance managing device permission settings from the device manufacturer or operating system support if the improper options were selected during the initial setup of the Authenticator app.

This issue can occur after an attempt to scan a QR code fails while pairing your mobile app with your login credentials. Your mobile device successfully scans the QR code, but may be unable to communicate the successful scan back to the setup wizard on your desktop. You may resolve this error by confirming your device meets the mobile app's system requirements and verifying your device's Internet connection and clock settings. To do so, complete the following steps.

  1. Verify that your device's operating system meets the requirements for the mobile app. Android OS requires 4.1 and up - this can be found in the Additional Information section on Google Play. Compatibility with iOS requires 8.0 or or later - this can be found under Compatibility on the App Store. If you authenticate your login credentials via a wearable device, such as a smartwatch, review the system requirements for your wearable device as well.
  2. Check for issues with your device's current internet connection. To do so, visit any public website, such as and verify the page opens. While scanning the QR code, if the code failed to generate over your cellular service, connect to a Wi-Fi network and try again. If the QR code failed to scan over a Wi-Fi connection, try turning off Wi-Fi and try again via your cellular network. 
  3. Check the time calibration on your device. Visit using the browser on your device and calibrate your device time to match the reported time.

Note: Many devices have an option to sync with the time provided by the cellular or wireless network. To prevent time calibration issues in the future, activate “Use network provided time" on your device. Seek assistance managing device settings from the device manufacturer or operating system support to determine if this setting is available on your device and how to enable it.

After enabling MFA for your account, you do not receive a prompt for multi-factor authentication when signing in.

After completing the steps to enable MFA for your account, if your CS Professional Suite applications do not prompt you to use the Authenticator app to approve your sign in request, complete the following steps:

  1. Confirm the computer is connected to the internet. If connected, continue to step 2.

    Note: The CS Professional Suite applications will not prompt for MFA if they cannot connect to the internet. This allows for work to be done under a MFA enabled account when an internet connection is not available. If the connection is restored while working, navigate to File > Sign out and then sign back in using MFA in order to transmit e-files.

  2. Open your CS Professional Suite application.
  3. In the login screen, look above the username and password fields, the account type in use is shown.


    To enable MFA for Thomson Reuters ID, see Enabling multi-factor authentication for your CS Professional Suite login credentials.

    To enable MFA for NetStaff accounts, see Setting up multi-factor authentication for your NetStaff CS login.

Once MFA is enabled and a device paired, an approval request is sent to the paired device when attempting to sign in. If the request is not received on the device, complete the following steps:

  1. Confirm the device is connected to the internet. If unable to connect to the internet, see  Using the Authenticator app to sign in when your device does not have an internet connection.
  2. Confirm the Authenticator app has permissions to use push notifications on the device.

    Note: Seek assistance for push notification management settings from the device manufacturer or operating system support. Amazon Fire devices do not support push notifications. In order to sign-in in absence of push notifications, see Using the Authenticator app to sign in when your device does not have an internet connection.

  3. In the Authenticator app, tap Generate a code. If no accounts are listed, this device is not paired to an account. Complete the following steps:

    Note: This is generally a result of pairing your device, uninstalling the application and reinstalling the app again. When the app is uninstalled, pairing information is lost.

    1. Generate a temporary code to log into the account using the link for your account type.

      Thomson Reuters ID - Logging in to your CS Professional Suite applications when your mobile device is not accessible

      NetStaff - Mobile device inaccessible: Generating a temporary login code

    2. Disable multi-factor authentication for your account type. 

      Thomson Reuters ID - Disconnecting a paired mobile device from your CS Professional Suite login credentials

      NetStaff - Disabling multi-factor authentication for your login

    3. Enable multi-factor authentication and pair your device for your account type. 

      Thomson Reuters ID - Enabling multi-factor authentication for your CS Professional ...

      NetStaff - Setting up multi-factor authentication for your login

Once you have completed these steps, multi-factor authentication should work again.

MFA prompts received, other situations.

For MFA to work, the phone must send a signal to the server and then the server relays the signal to the application or webpage where sign in is occurring. If something blocks this communication on either end, you will not be able to complete the sign in attempt.

To determine which device is being blocked, generate a code using the Authenticator app to sign in.

  • If you cannot complete the sign in process using the code, complete the following steps:
    1. Setup firewall exceptions for CS Connect and CS Security completing the steps in firewall guidelines for CS Professional Suite applications .
    2. Configure Windows settings for Internet Explorer.
  • If you can complete the sign in process using the code, complete the following steps:
      1. Confirm the device is connected to the internet.
      2. Switching from WiFi to cellular data can help determine if there is an issue with the mobile device's connection.
      3. Apply any pending device OS updates.
      4. If the device has its own security application, that may also impede communication.

    Note: Seek assistance from the device manufacturer or operating system support if issues persist with the device completing the authentication process.

This issue stems from a few causes. To work through the situation, complete the following steps:

    1. Close UltraTax CS and browse to WinCSI\utYYsys and locate the file _Yusumsc.windowsusername where YY it the last two digits and Y last digit of the year of the program. Rename the file, adding .old after the Windows Username.
    2. Confirm the user has both a NetStaff and Thomson Reuters ID account that have the same login credentials.
    3. Enable MFA on both the NetStaff and Thomson Reuters ID account.
    4. Change the login name used for the NetStaff account so it is not the same as the Thomson Reuters ID. See, changing NetStaff login for more information.
    5. Reset the NetStaff password.

This is caused by enabling the Authenticator app access to this feature when launched for the first time on the device. Upon first launch, the application prompts for access to all features of the device that are compatible with the app. If the passcode, Touch ID or Face ID feature are enabled, they become active in the app regardless if they are setup on the device or not.

To resolve this issue, go into the settings for the device, enable and setup that feature (passcode, Touch ID or Face ID - which ever was enabled access on the device), go back to the Authenticator app, disable that option in Settings, then back to the device settings and disable it on the device again.

Note: Seek assistance for passcode, TouchID or Face ID settings from the device manufacturer or operating system support.

For your security, if you have an active temporary code for your account, disconnecting a paired mobile device does not automatically disable multi-factor authentication. A temporary code is issued by your firm administrator when you are unable to access the mobile app to log in to your applications. Temporary codes expire 24 hours after they are generated.

Based on the multi-factor authentication requirements for your firm, you will continue to use the temporary code until it expires or you pair a new device. For details, see Logging in to your CS Professional Suite applications when your mobile device is not accessible.

Related topics

Disabling multi-factor authentication for your CS Professional Suite login credentials

Multi-factor authentication overview

How to use the Thomson Reuters Authenticator mobile app

Share This