PowerSchool ERP System Administration
PowerSchool ERP System Administration
Breadcrumbs

Multi-Factor Authentication (MFA) - Troubleshooting

The following errors may be encountered during MFA configuration:

MFA Key is not generated for the business entity

Description

The MFA key for the Business Entity was not generated before MFA was enabled at the profile level.

Resolution

Refer to Generate an MFA Key for the District.

Cloud-Hosted customers must contact PowerSchool Support to complete this step.

MFA code email not received

Resolution

  1. Ensure that the correct email field is populated for the user. Refer to Email Address Requirements.

  2. Ensure that the SMTP settings on the SMTP Configuration page are correct.

  3. For On-Premises environments, if the Business Entity has no per-entity SMTP, ensure that the global SMTP settings are configured and working.

  4. Check whether a spam filter or mail gateway is blocking the sender address.

  5. The MFA verification page includes a Re-send Verification Code button. When selected, a new code is sent to the user's email, and all prior codes are invalidated. The EAC implementation also applies a 30-second rate limit on resends. Try resending the code to a known-good mailbox to confirm SMTP delivery is functioning.

Cloud-Hosted customers must contact PowerSchool Support if they believe SMTP or environment-level settings need to be reviewed.

Unexpected sign-in loops or conflicting authentication prompts

Likely cause

MFA and SSO are both active for the same module or profile.

Resolution

  1. Check the authentication settings for the affected module or profile.

  2. Disable SSO if MFA is the intended method, or vice versa.

  3. Retest sign-in.

MFA code expires before users can enter it

Resolution

  1. On the Profile Details page, increase the MFA Expiration (in minutes) field value. The allowed range is 5 to 10 minutes.

  2. Select Save.

  3. Retest sign-in.

Cloud-Hosted customers must contact PowerSchool Support if this setting needs to be adjusted.

Account lockout

Description

If a user enters the wrong verification code multiple times, the system locks their account and displays the following message on the verification page: "The Multi-Factor Authentication process cannot be completed at this time. Your account has been locked for a period of time due to multiple MFA failures in the database. Please try again later."

Resolution

Wait for the lockout to expire, or contact the administrator to clear the failed attempts.