[SOLVED] Mattermost with DUO MFA and iphone mobile app


#1

We use DUO for MFA and that all works fine, however on the iphone mobile app, if someone taps the approval notification and goes into the app to approve the connection it puts you in a loop. If you pull down the notification on the phone and approve it, that successfully authenticates you. We don’t think this is an issue with our DUO app since we don’t have this issue with other products.


#2

Hi @stayC,

What sort of loop are you seeing? Does it send you back to the login screen after coming back to Mattermost and you have to re-enter your login information?


#3

Yes it send you back to the login screen continuously if you open the app to approve it.


#4

Hi @stayC,

  1. What server version are you using?
  2. What mobile app version do you use?
  3. Are there any logs you can gather from around the time the issue occurs?

#5

Mattermost server version 4.9 but problem existed on 4.7 as well.
Mobile App IOS 1.7.1
I will have to generate logs for it


#6

I just had a co-worker test it on Android phone and same issue. If you leave the Mattermost app to approve your MFA it brings you back to the login screen to authenticate again. If you stay in the Mattermost app when approving it works fine. I am sure anyone with MFA would have the same experience.


#7

Usually the app stays on the MFA screen when you switch apps, so if you hadn’t confirmed on another device, I would’ve thought the phone was low on memory or something so it was closing Mattermost when you switched away.

Are you using any login provider like GitLab, SAML, etc to log in, or are you just using email/password login?


#8

We are using DUO for MFA,. DUO and the Mattermost app are installed on the phone. When you log into the mattermost app the DUO notification pops up at the top of the mobile screen to approve it and you can either slide down the notification to approve or you can tap on the notification which opens up the DUO app to approve. Most people just pull down to approve on the same screen since that makes more sense and is more convenient but some people do tap on the app and opens it up and once you approve it, it directs you back to the Mattermost app login screen. Its not a memory issue or it would not be happening to everyone and on multiple OS.


#9

Are you using a custom version of the mobile app? I don’t believe we support MFA clients that use push notifications to open the app.

I’m trying to identify where it is that the app is resetting back to the server URL page. With the normal MFA flow of enter server URL > enter username/password > enter MFA code, switching apps off that screen doesn’t normally send you back to the start. It may happen if you’re going through a different flow though


#10

No we are using the normal Mattermost App.
Can you add this as a feature? If you approve the push notification from the same screen it works so it is possible, its once you come out the app it does not seem to understand. They have a free version of DUO for 10 users you can do testing. https://duo.com/pricing/duo-free


#11

Please consider adding this feature idea to our Feature Proposal forum and upvoting it!