This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 3%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hello,
I am experiencing an issue related to Azure AD B2C MFA with TOTP using an authenticator app. I have successfully created the custom policies and enabled MFA with TOTP without any problems. However, after enrolling a user by scanning the QR code, the application prompts me for an authorization code and then displays the following error: “Cannot use MFA service, please try again later.” It repeatedly asks for the verification code.
Interestingly, if I close the MFA window and log in again, the MFA enrollment appears to complete correctly, and I can successfully verify using the code from my mobile app. In summary, the problem occurs exclusively immediately after MFA is enabled; once the MFA window is closed and the user logs in again, the two-factor verification works properly.
For reference, I used the guidelines on this page for enabling MFA with custom policies: https://github.com/azure-ad-b2c/samples/tree/master/policies/totp
I appreciate any assistance in resolving this issue.
Best regards,
Nick
I added this image to clarify my problem. This image illustrates the issue I’m experiencing
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 89%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHE%3C/text%3E%3C/svg%3E)
Hi @Nick
Thank you for Reaching out Microsoft Q&A Platform
I Understand that you are encountering an issue related to Azure AD B2C MFA with TOTP using an authenticator app. I you have successfully created the custom policies and enabled MFA with TOTP. However, after enrolling a user by scanning the QR code, the application prompts for an authorization code and then displays the following error: “Cannot use MFA service, please try again later.” It is repeatedly asking for the verification code.
Based on the error message, this issue may occur due to temporary problems with the MFA service. Check the Azure service status page to see if there are any ongoing outages or maintenance affecting the MFA service. Additionally, the error could be related to session persistence or caching. After registering, wait for 2 to 3 minutes, clear your browser cache and cookies, and then test the process again with a new user to see if the issue persists.
The following ID is used for a Microsoft Entra ID multifactor authentication technical profile error Message:
For additional information refer this document: https://learn.microsoft.com/en-us/azure/active-directory-b2c/localization-string-ids#microsoft-entra-multifactor-authentication-error-messages
Do let us know if you any further queries.
Thanks for the advice, but I'm still not sure what could happen... What I do know is that the MFA is created, but with the secretKey as null, and I don't know if this could be the issue causing the error message after creating the user.
Another thing I know is that despite the error message "Cannot use MFA service, please try again later," the verification code is still required to activate MFA (the verification code is mandatory to activate MFA so it is verified by the server despite the error). So even if the error appears, the code is accepted.
The MFA is added like object similar as this one: '{
"id": "5743e1be-ff4b-4822-1776-f54d32121c9f",
"secretKey": null,
}'
You can see with my example that the MFA is created, but the secretKey is null. What do you think, can be that the reason for the error and if this is the error do you have any suggestion why the secretKey is saved as null?
The strange part is that despite the error after closing the window and login I can add the code of verification without any problem.
I appreciate any assistance.
Best regards,
Nick