Viewable by the world
Purpose of Knowledge Article:
Guide to activating emergency bypass MFA if you cannot authenticate with MFA, most commonly due to:
- Lost your phone
- Lost the MFA token
- Phone got reset
- Got new phone
- MFA token no longer works (out-of-sync)
Emergency MFA bypass is to be used infrequently for emergency situations only.
Emergency MFA bypass is NOT to be used on a regular basis to avoid MFA
Resolution:
This will only work if:
- You already have your Notification Information set up and it is up-to-date (you are asked to do this when first activating your Berkeley Lab Identity account)
- You have access to the non-LBL email or mobile number you provided in the Notification Information
- You have not changed your LDAP password within the past 14 days
- It is recommended to do this using Google Chrome in Incognito Window. Other browsers/modes may give you glitches and/or false-positive errors. So be sure to use Google Chrome in Incognito mode.
- Be sure to do step 1 and step 2.
- If you have successfully activated the bypass in step 1, but you are still getting asked for the One Time Passcode (OTP). Close out of the browser and relaunch into Google Chrome in Incognito mode and try step 2 again.
- Go to https://identity.lbl.gov/bypass/ and follow the on-screen instructions to set up an MFA bypass
- Set up a new MFA token with Google Authenticator. See Install Google Authenticator and Setup MFA for instructions.
If you already have Google Authenticator on your phone, you will just need to Add a new MFA token.
If you get any error messages during the process. Submit a ticket to [email protected] and include the following:
- A screenshot of the error message you are getting
- Your Berkeley Lab username
- Your Berkeley Lab employee ID number
- The phone number you can be reached at
IT Support Services will get back to you