Error: MFA-013
Issue description
The MFA-013 error code is displayed when a user account is restricted in ADSelfService Plus. This restriction blocks the user from logging in and completing MFA on machines where Endpoint MFA is enabled.
Possible causes
- The user account has been manually restricted in the ADSelfService Plus portal.
- The restriction was applied due to specific conditions defined in the restriction scheduler.
- The account was mistakenly marked as restricted during configuration changes or user management operations.
Prerequisite
- Administrative privileges in the ADSelfService Plus portal to view and modify user restriction settings
Resolution
- Log in to ADSelfService Plus with administrator credentials.
- Navigate to Admin > License Management > Restrict Users.
- Identify the user account showing the MFA-013 error.
- Verify if the account is listed as restricted.
- Remove the restriction on the account.
- Instruct the user to attempt logging in again and confirm if the issue is resolved.
How to reach support
New to ADSelfService Plus?
Related Articles
Error: You need to enable self-service password reset/account unlock feature or ADSelfService Plus MFA.
Issue description The error message "You need to enable self-service password reset/account unlock feature or ADSelfService Plus MFA" is displayed when an admin tries to import enrollment data from an external database. Possible cause No self-service ...Resolving the error MFA-041 in the ADSelfService Plus login agent
Issue description When a user tries to log in to a Windows machine protected by ADSelfService Plus MFA, users may encounter an error message with code MFA-041. This error indicates a communication failure between the login agent on the user's ...Invalid Access URL while using Duo Security as an MFA.
Troubleshooting "Invalid access URL" error for Duo Security MFA configuration in ADSelfService Plus To resolve the "Invalid access URL" issue when using Duo Security as an authenticator in ADSelfService Plus, ensure the access URL is correctly ...Error: Your account is not enrolled for multi-factor authentication. Please enroll to avail the service
Issue description Users may encounter the error message "Your account is not enrolled for multi-factor authentication. Please enroll to avail the service" when trying to log in to ADSelfService Plus. Possible cause MFA is enabled for ADSelfService ...Error: Invalid username or enrollment required to use this service. Please log in and complete your enrollment
Issue description Users may encounter the error message "Invalid username or enrollment required to use this service. Please log in and complete your enrollment." This typically occurs when attempting a password reset or account unlock via the ...