Multi-factor authentication (MFA) troubleshooting

Use this article to troubleshoot multi-factor authentication (MFA) issues with your account, your device, or your software. Before following any instructions listed here, find out which account type you have:

Lost or new device 

If you lose, replace, or reset your MFA device you'll lose the MFA pairing for your account.

  • If you have a backup MFA option enabled, see Remove MFA devices from an account to remove or add a new device. Otherwise, your firm administrator can generate a temporary access code for your account.
  • If your admin account is inaccessible and another admin is not available, contact Support at 800.968.0600 for help.

TRID instructions for administrators

  1. Go to  My Account 
  2. Log in to your TRID administrator account
  3. Select the Manage Accounts link under the My Firm heading
  4. Find the row for the desired staff member and select  Modify
  5. Scroll down to the bottom of the page and select the Get Temp 24hr Code button.
  6. The page will refresh and display the generated numerical code in a field directly below the button.
  7. Give the generated code to the account owner. They'll then use this code by clicking the Enter a code link on their login screen.

NetStaff CS administrators

  1. Log in to your NetStaff CS account.
  2. Select the Admin tab on the navigation pane
  3. If generating a code for a client, select the  Users link in the NetClient CS section
  4. If generating a code for a staff member, select the  Users link in the NetStaff CS section 
  5. Select the user.
  6. In the Identification section, select the View Settings button next to Multi-factor Authentication.
  7. Select the link to generate a temporary, 24-hour numerical code.
  8. Give the generated code to the account owner. They'll then use this code by clicking the Enter a code link on their login screen.

MFA Setup issues

Use the links below to learn more about specific issues you may encounter after setup.

This error message can occur on our website when you try to enable MFA for your TRID. Try the following:
  1. Retry
    1. Close and reopen your browser
    2. Visit tax.tr.com 
    3. Select the Log in button 
    4. Select  Sign in under "CS Professional Suite, Onvio"
    5. Log in using your Thomson Reuters ID. When prompted to setup MFA, select  Set Up Now to launch the setup wizard
    6. Follow the prompts and pair your device.
  2. Clear your browser's cookies and cache by  deleting temporary internet files or cached files.
  3. After clearing your browser's cache,  update the password associated with your account.
  4. Using your new password, sign in to your account and complete the steps in  Multi-factor authentication setup.
  5. If the MFA prompt is not available on the sign in page, complete the MFA setup steps using a different web browser or  Google Chrome in Incognito mode

If these steps do not resolve the issue,  contact support for further assistance.

Support: Complete the following steps if the customer is unsuccessful with clearing the error on their own:

  1. Confirm the user completed the steps above and after signing in to our website receives no MFA prompt.
  2. Open EMS, Ctrl+F, enter the user's e-mail address in the e-mail address field, check the Include Archived Firms and Search Firms boxes then click Search. If two or more accounts are found, see the CS Resolver, do not transfer.
  3. If issues persist, see Troubleshooting Thomson Reuters ID and authentication errors.

This message can appear if the device is disconnected from the internet or has an incorrect time setting.

  1. Check for issues with your device's current internet connection. 
    1. Visit any public website, such as reuters.com 
    2. Check to see if the page opens.
  2. If the code failed to generate over your cellular service, connect to a Wi-Fi network and try again.
  3. If the QR code failed to scan over a Wi-Fi connection, turn off the device's Wi-Fi try through the device's cellular service, if available. 
  4. Check the time calibration on your device. Visit http://time.is using the browser on your device and calibrate your device time to match the reported time.

This issue can occur after an attempt to scan a QR code fails while pairing your mobile app with your login info. 

  1. Checkthat your device's operating system meets the requirements for the mobile app.  
  2. Check for issues with your device's current internet connection. 
  3. Check the time calibration on your device. Visit  http://time.is using the browser on your device and calibrate your device time to match the reported time.

This error can occur when the Thomson Reuters Authenticator mobile app hasn't been granted use of the camera on your  device. You'll need to give the mobile app access to use your mobile device's camera. If needed, seek help from the manufacturer or operating system support.

Login issues after MFA setup

If you don't receive a request on your device:

  1. Confirm your computer and your MFA device have an internet connectiion. If unable to connect to the internet, use the Enter a code option when signing in and enter the MFA code generated by your device.
  2. Confirm the Authenticator app has permissions to use push notifications on the device.

    Note: Seek help from the manufacturer or operating system support or try to sign-in with a code.

If you're trying to log in and you don't get the MFA notfication, check that your computer has an internet connection
If a firm's login screen calls for an Onvio TRID and they are no longer licensed for Onvio, there are Onvio licenses that linger in their system. In order to remove the Onvio TRID login screen, rename the Onvio licenses.

If the firm still has valid Onvio licenses in Flash or EMS, put them in touch with Onvio support for assistance setting up or maintaining Onvio accounts.

Location License filename
WinCSI\Licenses\ ddxname.dat
WinCSI\Licenses\utYY\ iYdxname.dat

Generate a code using the Authenticator app and attempt to sign in using the code.

  • If you can sign in using the code, 
    1. Confirm your device has an internet connection.
    2. Switch from WiFi to cellular data.
    3. Apply any pending device OS updates.
  • If you cannot complete the sign in process using the code:
    1. Check the time calibration on your device. Visit  http://time.is using the browser on your device and calibrate your device time to match the reported time.
    2. Setup firewall exceptions for CS Connect and CS Security completing the steps in Firewall guidelines for CS Professional Suite applications.
    3. Configure Windows settings for Internet Explorer.

Note: Seek assistance from the device manufacturer or operating system support if issues persist with the device completing the authentication process.

When you install your MFA app you'll get prompts to enable fingerprint scan, facial recognition, or a passcode, even if you haven't configured these features before.

If you have configured these features and don't want them anymore, change your device's settings before continuing.

To disable these additional security features in the Authenticator app, 

  1. Tap Settings in the app
  2. Toggle off the option for fingerprint scanning, facial recognition or passcode.
  3. Verify the request by completing the fingerprint scan, facial recognition or entering the passcode when prompted.
Notes:
  • If you have additional security, like facial recognition, enabled for the Thomson Reuters Authenticator, you won't be able to approve the MFA prompts using your Apple Watch.

    In the Thomson Reuters Authenticator app, tap the gear icon and turn off the Security option.

  • If you enter a passcode to access your phone, or use your fingerprint or Face ID, the information in the Thomson Reuters Authenticator app is secured. If you do not use one of these methods to unlock your phone, you can enable this level of security just for the Thomson Reuters Authenticator app in the settings menu (gear icon).

Note: If you still cannot approve requests, make sure you have the latest updates for both your phone and your watch. You can also reboot both devices to re-connect them together.

Apple iOS version 11.0 introduced a function called Offload Unused Apps. If this function is enabled, the Thomson Reuters Authenticator app may be uninstalled/offloaded if it has not been used after a while. Reinstall the Thomson Reuters Authenticator app by choosing the icon on the device's homepage and attempt to sign in again.

  • Check that UltraTax CS is on the latest version. If you're on Virtual Office or SaaS, this step doesn't apply.
  • Check your Internet Explorer settings.
    • Verify that your version of Internet Explorer is supported.
    • Verify that Internet Explorer is fully updated.
    • Choose Tools, open Internet Options, select Advanced Settings. In the Security section, mark the boxes for TLS 1.0, TLS 1.1, and TLS 1.2.
  • Check your firewall settings, or ask your certified IT professional to check them for you.

Was this article helpful?

Thank you for the feedback!

Internal notes


Additional internal troubleshooting steps

This issue stems from a few causes. To work through the situation, complete the following steps:

  1. Close UltraTax CS and browse to WinCSI\utYYsys and locate the file _Yusumsc.windowsusername where YY it the last two digits and Y last digit of the year of the program. Rename the file, adding .old after the Windows Username.
  2. Ask if the user has the same login for both their NetStaff and Thomson Reuters ID accounts.
  3. Enable MFA on both the NetStaff and Thomson Reuters ID account (and Onvio, if applicable).  Do not skip this step.
  4. Change the login name used for the NetStaff account so it is not the same as the Thomson Reuters ID. See  changing NetStaff login for more information.
  5. Reset the NetStaff password.

To work through the situation, complete the following steps:

  1. Ask if the user has the same login for both their NetStaff and Thomson Reuters ID accounts.
  2. Enable MFA on both the NetStaff and Thomson Reuters ID account (and Onvio, if applicable).  Do not skip this step.
  3. Change the login name used for the NetStaff account so it is not the same as the Thomson Reuters ID. See  changing NetStaff login for more information.
  4. Reset the NetStaff password.

These types of errors are generated by the device's manufacturer and can affect all apps installed on the device. These are not Thomson Reuters' errors. The Thomson Reuters Authenticator app does not have an online requirement or license requirement. Some devices will occasionally need to be connected to the internet to update and allow access to applications. If a user reports this error, try the following:

  • have the user try to restart the device.
  • have the user try to connect the device to the internet.

If those items do not work, have the user contact the device's manufacturer or IT professional.

In order to remove the Onvio TRID login screen, rename the Onvio licenses.

If the firm still has valid Onvio licenses in Flash or EMS, put them in touch with Onvio support for assistance setting up or maintaining Onvio accounts.

Location License filename
WinCSI\Licenses\ ddxname.dat
WinCSI\Licenses\utYY\ iYdxname.dat