Description: Your customers may encounter some situations where they need to reset TOTP MFA and enroll with a new QR code to connect to the VPN such as:
- An end user changes their phone.
- An end user loses their phone.
- An end user's phone is stolen.
Follow the steps below to reset a user's TOTP MFA. After resetting, they can enroll with a new QR code from the Client Web UI.
Note: You must connect to the command-line interface (CLI) for your access server to reset a user's TOTP MFA. The Access Server administrator must connect directly to the console with root permissions ("sudo su").
Reset a user's TOTP MFA code
- Connect to the Access Server console with root permissions.
- Based on your Access Server version, run the following commands:
For Access Server 2.11 and newer:
./sacli --user <USER> --lock 0 TotpRegen ./sacli start
For older Access Server versions:
./sacli --user <USER> --lock 0 GoogleAuthRegen ./sacli start
- For Access Server 2.11 and newer:
- Instruct the user to access the Client Web UI (CWS) and enroll again using a new TOTP MFA QR code provided there.
For more info, refer to Command line configuration parameters on our TOTP MFA documentation page.
If you have additional questions, please submit a ticket.