Hey Marc,

Thanks for raising this issue. We will update our guides to reflect this discovery. Sadly, this is a Microsoft issue (not a Mews one), so we cannot resolve it completely.

David

Hey @David Endersby 

Thank you for the quick reply. A bit surprised that this is a Microsoft issue, as using Microsoft Authenticator for over 50+ applications (several PMS, Project Tools etc, often for several accounts under the same email, Test and Prod and so far never had any issues. But obviously not aware of the technical details.

Best, Marc

Hey @marc agilotel,
Your comment inspired me to find out how other platforms handle this issue. After some digging, I might have found the problem. I believe the reason we’re running into this issue is because the 2fa issuer is identical across all Mews environments, which leads to Microsoft thinking they have the same 2fa keys. I made a proof of concept to test this hypothesis, which seems to fix the problem.

I will ask the team to validate this next week and get back to you.

Thanks

David

Hey @David Endersby 

Nice - thank you for being curious! I agree with your findings, that was my assumption as well. I think good to also include in the analysis the case where you are authenticating against an external Identity store (such as Entra - SSO), because there, you might have the need to authenticate against one single source of truth for both Demo and Prod. Otherwise I think the two environments should be strictly separated in all functions.

Have a great weekend, Marc

Hey @marc agilotel,
Just an update. We made a fix for this issue and merged it today. It’s unlikely to go to production tomorrow (cos its Friday) but it will be there first thing on Monday.

Thanks for raising this issue and being patient on this one 

David

Oh wow, that was fast @David Endersby - great to hear and many thanks!

I have now installed the 1Password 2FA for Demo and love it - great to hear there are so many options!

Many thanks once again!

Marc