Hi,

We have a situation recently in our platform regarding MFA.

Currently we are using specific Genesys Accounts to log in to the platform and we are not enforcing MFA for the users.

They work locally in the local PC's of the platform with a dummy user ( the local PC is not in the domain), so they open genesys via Desktop app or Web and they log in with their credentials.

Then they connect to their RDS session with their own account.

Ok, latelly we are having the issue that from time to time the PC's are forcing users to set up MFA, so one user finish he logs off the session, another user comes in and Genesys desktop app is asking for MFA set up, blocking the user from logging in, if the user goes to the web version, some times he can log in from there, some times it also ask for MFA set up there.

The only way to solve it is to repair genesys app ( form add/remove programs) and clear all browsing cache from edge and chrome.

This was never an issue before and since 2-3 weeks ago its become a hell in our company.

We cant enforce MFA to every user because we are not there yet and we cant ask them to use their personal devices for installing an authenticator for company reasons.
The easiest solution would be to enforce MFA and configure it for everyone but we cant do it at the moment.

What i believe is happening is that some times if the agents access to a document in genesys it opens the web browser and forces the user to log in to the web version, when they finish they dont log off since, for them they never logged in the web, they just opened a document from the desktop app.

I think that the authentication token stays alive some how in the cache of the browsers and then when someone is going to use the desktop app, since the user logged in the web is different for some reason it forces the new user to set up an MFA.


I have went over one by one of the users and reset the MFA devices, just to avoid someone having it configured, i think this all started when one user had MFA configured and started sitting in the different PC's, bugging them out.

Any ideas?

Hello Hernani,

That does sound odd. I know that you've done some troubleshooting and have a current working theory. Were there any group policy changes to the web browser settings? Does this happen on Firefox and Chromium based browsers (Edge, Chrome, etc)?

If you are able to reproduce this issue easily, you may want to open a case with Customer Care so that they can take a look at some of the logs to narrow down why this is happening.

------------------------------
Jason Kleitz
Online Community Manager/Moderator

Original Message:
Sent: 03-07-2025 07:40
From: Hernani Ferrando
Subject: Genesys forcing MFA set up for users randomly

Hi,

We have a situation recently in our platform regarding MFA.

Currently we are using specific Genesys Accounts to log in to the platform and we are not enforcing MFA for the users.

They work locally in the local PC's of the platform with a dummy user ( the local PC is not in the domain), so they open genesys via Desktop app or Web and they log in with their credentials.

Then they connect to their RDS session with their own account.

Ok, latelly we are having the issue that from time to time the PC's are forcing users to set up MFA, so one user finish he logs off the session, another user comes in and Genesys desktop app is asking for MFA set up, blocking the user from logging in, if the user goes to the web version, some times he can log in from there, some times it also ask for MFA set up there.

The only way to solve it is to repair genesys app ( form add/remove programs) and clear all browsing cache from edge and chrome.

This was never an issue before and since 2-3 weeks ago its become a hell in our company.

We cant enforce MFA to every user because we are not there yet and we cant ask them to use their personal devices for installing an authenticator for company reasons.
The easiest solution would be to enforce MFA and configure it for everyone but we cant do it at the moment.

What i believe is happening is that some times if the agents access to a document in genesys it opens the web browser and forces the user to log in to the web version, when they finish they dont log off since, for them they never logged in the web, they just opened a document from the desktop app.

I think that the authentication token stays alive some how in the cache of the browsers and then when someone is going to use the desktop app, since the user logged in the web is different for some reason it forces the new user to set up an MFA.


I have went over one by one of the users and reset the MFA devices, just to avoid someone having it configured, i think this all started when one user had MFA configured and started sitting in the different PC's, bugging them out.

Any ideas?

#PlatformAdministration
#Security
#SystemAdministration
#Unsure/Other

------------------------------
Hernani Ferrando
------------------------------

Hi,

No changes in our browser polcies or settings, the browsers we use are chromium( Edge and Chrome).

I tried to reproduce but its  pretty random, the other day i removed the MFA device for one of the supervisor, that has a fixed seat pc, so nobody else works on that pc.

The first day went ok, but the second day when he wanted to log, Genesys desktop app was asking him to set up an MFA device, it was forcing him through the process of activating MFA again.

Some times you may log in to the web, some times the web also forces you to configure the MFA, and then the only solution i have found that works for now is to uninstall Genesys cloud app,  remove the genesys folder in C:\Users\username\AppData\Local\Genesys Cloud and also delete both chromium browsers cache.

Then reinstall the app, but if someone with MFA token logs in that pc, eventually it will force other users with no MFA to set up MFA, and some times they will be able to log via web, or some times not.

The only way to try to force it is to have a user logged in a machine with MFA, then reset the MFA and then eventually that machine will ask for MFA configuration it could be one day or 2 but it will come.

Its happening in different versions, including the latest one.

And its happening on the same local user of the local pc, we are using the same local user for the local pc, and then once logged everyone logs in to their RDS with their own domain credentials.

Another interesting thing is that if one agent logs in to genesys desktop app, and opens a document in a workspace, then sometimes genesys opens a browser and forces the user to log in to the web, the user logs in to the web and sees the document.

When that user goes home, he logs out from desktop app, but he does not log off from the browser, cos for him,  he just checked a document, he never logged in to genesys web.

So the next user comes in, he logs in to genesys desktop app, and if he wants to check a document, genesys browser will open, this time with the credentials of the previous user, that is still logged in the browser... if that user edits the url can go back to login screen and log in genesys with the other user credentials.

I think the TTL for logged accounts its way too long.

Regards

Hernani

------------------------------
Hernani Ferrando
[EBTS Pro Assist N.V]

Original Message:
Sent: 03-12-2025 11:46
From: Jason Kleitz
Subject: Genesys forcing MFA set up for users randomly

Hello Hernani,

That does sound odd. I know that you've done some troubleshooting and have a current working theory. Were there any group policy changes to the web browser settings? Does this happen on Firefox and Chromium based browsers (Edge, Chrome, etc)?

If you are able to reproduce this issue easily, you may want to open a case with Customer Care so that they can take a look at some of the logs to narrow down why this is happening.

------------------------------
Jason Kleitz
Online Community Manager/Moderator

Original Message:
Sent: 03-07-2025 07:40
From: Hernani Ferrando
Subject: Genesys forcing MFA set up for users randomly

Hi,

We have a situation recently in our platform regarding MFA.

Currently we are using specific Genesys Accounts to log in to the platform and we are not enforcing MFA for the users.

They work locally in the local PC's of the platform with a dummy user ( the local PC is not in the domain), so they open genesys via Desktop app or Web and they log in with their credentials.

Then they connect to their RDS session with their own account.

Ok, latelly we are having the issue that from time to time the PC's are forcing users to set up MFA, so one user finish he logs off the session, another user comes in and Genesys desktop app is asking for MFA set up, blocking the user from logging in, if the user goes to the web version, some times he can log in from there, some times it also ask for MFA set up there.

The only way to solve it is to repair genesys app ( form add/remove programs) and clear all browsing cache from edge and chrome.

This was never an issue before and since 2-3 weeks ago its become a hell in our company.

We cant enforce MFA to every user because we are not there yet and we cant ask them to use their personal devices for installing an authenticator for company reasons.
The easiest solution would be to enforce MFA and configure it for everyone but we cant do it at the moment.

What i believe is happening is that some times if the agents access to a document in genesys it opens the web browser and forces the user to log in to the web version, when they finish they dont log off since, for them they never logged in the web, they just opened a document from the desktop app.

I think that the authentication token stays alive some how in the cache of the browsers and then when someone is going to use the desktop app, since the user logged in the web is different for some reason it forces the new user to set up an MFA.


I have went over one by one of the users and reset the MFA devices, just to avoid someone having it configured, i think this all started when one user had MFA configured and started sitting in the different PC's, bugging them out.

Any ideas?

#PlatformAdministration
#Security
#SystemAdministration
#Unsure/Other

------------------------------
Hernani Ferrando
------------------------------