Hi Alexandr,
The issue occurs because the QR code and secret are being regenerated every time the login page refreshes or the data source is triggered. The correct flow is to generate the secret only once during MFA setup, store it against the user, and then always use that stored secret to create the QR code. The user scans the QR code, enters the code from Google Authenticator, and you verify it against the stored secret. During login, you should only validate codes against the stored secret without regenerating a new one.
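
The flow described in this reply, as an added sketch that is not part of the original post or of any platform's own code: the secret is created once, stored against the user, and both the QR payload and every later check read that stored value. The `USERS` dict stands in for the user table; all function names and the `ExampleApp` issuer are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

# Hypothetical stand-in for the user table: username -> stored MFA state.
USERS = {}

def get_or_create_secret(username):
    """Generate the secret once at setup; later calls return the stored one."""
    rec = USERS.setdefault(username, {"secret": None, "mfa_enabled": False})
    if rec["secret"] is None:
        rec["secret"] = base64.b32encode(secrets.token_bytes(20)).decode()
    return rec["secret"]

def provisioning_uri(username, issuer="ExampleApp"):
    """otpauth:// payload for the QR code, always built from the stored secret."""
    secret = get_or_create_secret(username)
    label = quote(f"{issuer}:{username}")
    return f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_code(username, code, now=None, window=1):
    """Login check: read the stored secret, never create or replace it here."""
    rec = USERS.get(username)
    if not rec or not rec["secret"]:
        return False
    now = time.time() if now is None else now
    return any(
        hmac.compare_digest(totp(rec["secret"], now + i * 30).encode(), code.encode())
        for i in range(-window, window + 1)  # tolerate small clock drift
    )

def confirm_setup(username, code, now=None):
    """Enable MFA only after the first code from the authenticator app verifies."""
    if verify_code(username, code, now):
        USERS[username]["mfa_enabled"] = True
    return bool(USERS.get(username, {}).get("mfa_enabled"))
```

Reloading the setup page calls `provisioning_uri` again and gets the same URI, so the QR code the user already scanned stays valid.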