Troubleshooting for multi-factor authentication

Alerts and notices
Leave feedback

Contact information (optional):

Leave this blank:

Please tell us how we can make this information more helpful.


Characters left:

Before enabling MFA for your account or before troubleshooting an unexpected situation, complete the following:

For additional troubleshooting assistance see the appropriate situation or error messages below.

Thomson Reuters Support can help troubleshoot the Thomson Reuters Authenticator mobile app and application login issues. However, Support cannot troubleshoot issues with a mobile device itself or its settings that may prevent the app from downloading and functioning properly. Issues not specific to the Thomson Reuters Authenticator app or one of our applications are outside of the scope of support and you will need to contact your IT professional or the device's manufacturer.

Problems enabling MFA for a Thomson Reuters ID on our website.

This error message can occur on our website, when attempting to enable MFA for your Thomson Reuters ID. Closing your browser and attempting to sign in your account again may allow you to access the MFA setup wizard.

To do so, visit the My Account page and sign in. When prompted to setup MFA, click Set Up Now to launch the setup wizard and pair your device.

If you are unable to complete the setup wizard successfully, complete the following:

  1. Clear your browser's cookies and cache by deleting temporary internet files or cached files.
  2. After clearing your browser's cache,  update the password associated with your account.
  3. Using your new password, sign in to your account and complete the steps to enable multi-factor authentication for your Thomson Reuters ID.
  4. If the MFA prompt is not available on the sign in page, complete the MFA setup steps using a different web browser or  Google Chrome in Incognito mode. This allows you to open a session of Chrome without recorded activity or history. If you snoozed the MFA prompt, a different browser or incognito mode allows the MFA setup message to appear again.

If these steps do not resolve the issue, contact support for further assistance.

Do not direct non-Onvio users to Onvio.us to set up MFA, even in cases where the MFA popup message was previously snoozed. Complete the following to continue troubleshooting this error.

  1. Confirm the user completed steps one, two, and three above and after signing in to our website receives no MFA prompt.
  2. Open EMS, Ctrl+F, enter the user's e-mail address in the e-mail address field, check the Include Archived Firms and Search Firms boxes then click Search. If two or more accounts are found, see the CS CF, do not transfer.
  3. Contact the CF and review troubleshooting already performed to gain permission to enter an  Authentication escalation.

Note: There have been some reports where the MFA setup doesn't appear to "stick" when using the MFA popup message on our website. If a user is met with this error on the My Profile page, coupled with the MFA Popup not working, an Authentication escalation request should be entered after working with your department's CF for approval.

Unable to pair your login credentials with the mobile app?

This error can occur when the Thomson Reuters Authenticator mobile app has not been granted use of the camera on your mobile device, preventing the camera from reading the QR code you receive. To resolve this issue, give the mobile app access to use your mobile device's camera.

Note: If you did not grant the Authenticator app use of the camera during initial setup of the mobile app, seek assistance managing device permission settings from the device manufacturer or operating system support.

This issue can occur after an attempt to scan a QR code fails while pairing your mobile app with your login credentials. Your mobile device successfully scans the QR code, but may be unable to communicate the successful scan back to the setup wizard on your desktop. You may resolve this error by confirming your device meets the mobile app's system requirements and verifying your device's Internet connection and clock settings. To do so, complete the following steps.

  1. Verify that your device's operating system meets the requirements for the mobile app. Android OS requires 4.1 and up - this can be found in the Additional Information section on Google Play. Compatibility with iOS requires 8.0 or later - this can be found under Compatibility on the App Store. If you authenticate your login credentials via a wearable device, such as a smartwatch, review the system requirements for your wearable device as well.
  2. Check for issues with your device's current internet connection. To do so, visit any public website, such as reuters.com and verify the page opens. While scanning the QR code, if the code failed to generate over your cellular service, connect to a Wi-Fi network and try again. If the QR code failed to scan over a Wi-Fi connection, try turning off Wi-Fi and try again via your cellular network. 
  3. Check the time calibration on your device. Visit  http://time.is using the browser on your device and calibrate your device time to match the reported time.

Note: Many devices have an option to sync with the time provided by the cellular or wireless network. To prevent time calibration issues in the future, activate “Use network provided time" on your device. Seek assistance managing device settings from the device manufacturer or operating system support to determine if this setting is available on your device and how to enable it.

After enabling MFA for your account, are you not receiving a prompt for multi-factor authentication when signing in?

After completing the steps to enable MFA for your account, if your CS Professional Suite applications do not prompt you to use the Authenticator app to approve your sign in request, complete the following steps:

  1. Confirm your computer has an internet connection.

    Notes:

    • The CS Professional Suite applications will not prompt for MFA if they cannot connect to the internet. This allows you to sign in to your application using an MFA enabled account when an internet connection is not available.
    • If you are working in UltraTax CS, the connection is restored and you wish to transmit e-files, navigate to File > Sign out and then sign back in using MFA in order to enable this functionality.
  2. Open your CS Professional Suite application.
  3. In the login screen, look above the username and password fields, the account type in use is shown.

    To differentiate between CS Web and Onvio Thomson Reuters IDs, use the text below the sign in button.

      

    To enable MFA for CS Web Thomson Reuters IDs, see Enabling multi-factor authentication for your CS Professional Suite login credentials.

    To enable MFA for NetStaff accounts, see Setting up multi-factor authentication for your NetStaff CS login.

    To enable MFA for Onvio Thomson Reuters IDs, see Set up multi-factor authentication for your login.

    If a firm's login screen calls for an Onvio TRID and they are no longer licensed for Onvio, there are Onvio licenses that linger in their system. In order to remove the Onvio TRID login screen, rename the Onvio licenses.

    If the firm still has valid Onvio licenses in Flash or EMS, put them in touch with Onvio support for assistance setting up or maintaining Onvio accounts.

    Location License filename
    WinCSI\Licenses\ ddxname.dat
    WinCSI\Licenses\utYY\ iYdxname.dat

Once you enable MFA and pair your device, an approval request is sent to the paired device when attempting to sign in. If you do not receive a request on your device, complete the following steps:

  1. Confirm the device has an internet connection. If unable to connect to the internet, see  Using the Authenticator app to sign in when your device does not have an internet connection.
  2. Confirm the Authenticator app has permissions to use push notifications on the device.

    Note: Seek assistance for push notification management settings from the device manufacturer or operating system support. Amazon Fire devices do not support push notifications. In order to sign-in in absence of push notifications, see Using the Authenticator app to sign in when your device does not have an internet connection.

  3. In the Authenticator app, tap Generate a code. If no accounts are listed, you have not paired this device to your account. To resolve this issue, you must pair a device, obtain a 24-hour code, or disable MFA for your account. Complete the appropriate steps below.

    Note: This is generally a result of pairing your device, uninstalling the application and reinstalling the app again. When you uninstall the app, pairing information is lost.

    1. Pair your device by completing the steps to enable multi-factor authentication for your account type. 

      Thomson Reuters IDs

      NetStaff CS accounts

    2. If you do not have access to your device, work with your firm's administrator to obtain a 24-hour code. As the admin, select the appropriate account type below for instructions to generate a 24-hour code for staff.

      Thomson Reuters IDs

      NetStaff CS accounts

    3. If you no longer wish to use MFA, disable multi-factor authentication for your account type. 

      Thomson Reuters IDs

      NetStaff CS accounts

MFA prompts received, other situations.

For MFA to work, your device sends a signal to the server and then the server relays the signal to the application or webpage where you are attempting to sign in. When something blocks this communication on either end, you will not be able to complete the sign in attempt.

To determine where block is, generate a code using the Authenticator app and attempt to sign in using the code.

  • If you cannot complete the sign in process using the code, complete the following steps:
    1. Check the time calibration on your device. Visit  http://time.is using the browser on your device and calibrate your device time to match the reported time.
    2. Setup firewall exceptions for CS Connect and CS Security completing the steps in firewall guidelines for CS Professional Suite applications .
    3. Configure Windows settings for Internet Explorer.
  • If you can complete the sign in process using the code, complete the following steps:
    1. Confirm your device has an internet connection.
    2. Switching from WiFi to cellular data can help determine if there is an issue with the mobile device's connection.
    3. Apply any pending device OS updates.
    4. If the device has its own security application, that may also impede communication.

Note: Seek assistance from the device manufacturer or operating system support if issues persist with the device completing the authentication process.

During the Authenticator installation process, you receive prompts to enable any additional security features - such as fingerprint scanning or facial recognition - that your device is capable of. When you setup the Authenticator app for the first time you receive prompts to enable these options, even if you have not configured these features on your device.

If you have enabled fingerprint scanning or facial recognition and do not wish to use this feature, you will have to configure your device first. Set up on your devices' additional security features before continuing. Once enabled security features are setup on the device, you will be able to approve sign in attempts or disable the additional security features.

To disable additional security features in the Authenticator app, complete the following steps:

  1. Tap Settings.
  2. Toggle off the option for fingerprint scanning, facial recognition or passcode.
  3. Verify the request by completing the fingerprint scan, facial recognition or entering the passcode when prompted.
Notes:

For your security, if you have an active temporary code for your account, disconnecting a paired mobile device does not automatically disable multi-factor authentication. Your firm administrator issues a 24-hour code when you are unable to access the mobile app to log in to your applications. Temporary codes expire 24 hours after they are generated.

Based on the multi-factor authentication requirements for your firm, you will continue to use the temporary code until it expires or you pair a new device. For details, see Logging in to your CS Professional Suite applications when your mobile device is not accessible.

This issue stems from a few causes. To work through the situation, complete the following steps:

  1. Close UltraTax CS and browse to WinCSI\utYYsys and locate the file _Yusumsc.windowsusername where YY it the last two digits and Y last digit of the year of the program. Rename the file, adding .old after the Windows Username.
  2. Ask if the user has the same login for both their NetStaff and Thomson Reuters ID accounts.
  3. Enable MFA on both the NetStaff and Thomson Reuters ID account (and Onvio, if applicable). Do not skip this step.
  4. Change the login name used for the NetStaff account so it is not the same as the Thomson Reuters ID. See changing NetStaff login for more information.
  5. Reset the NetStaff password.

To work through the situation, complete the following steps:

  1. Ask if the user has the same login for both their NetStaff and Thomson Reuters ID accounts.
  2. Enable MFA on both the NetStaff and Thomson Reuters ID account (and Onvio, if applicable). Do not skip this step.
  3. Change the login name used for the NetStaff account so it is not the same as the Thomson Reuters ID. See changing NetStaff login for more information.
  4. Reset the NetStaff password.

Some users have reported license expiration errors when following the procedures in Using the Authenticator app to sign in when your device does not have an internet connection. These types of errors are generated by the device's manufacturer and can affect all apps installed on the device. These are not Thomson Reuters' errors. The Thomson Reuters Authenticator app does not have an online requirement or license requirement. Some devices will occasionally need to be connected to the internet to update and allow access to applications. If a user reports this error, try the following:

  • have the user try to restart the device.
  • have the user try to connect the device to the internet.

If those items do not work, have the user contact the device's manufacturer or IT professional.

Related topics

Multi-factor authentication overview

Common questions for MFA setup and use

Internal notes


For suggested responses when assisting a firm with an issue that has been determined to be environmental, see Internal: Overcoming objections during systems troubleshooting.

Share This