SMA1000: TOTP Two-Factor Authentication Failure — 'Invalid code' Due to Time Sync Mismatch

Description

During authentication, users may receive an "Invalid code" error after entering a TOTP code (Google Authenticator, Microsoft Authenticator, or similar). 

This typically occurs when the system time on the SMA appliance, the user's mobile device, or both is inaccurate. The code entered by the user then does not match the code the appliance expects for the current time.
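The following added example (not SonicWall code and not part of the original article) computes RFC 6238 codes and shows how clock skew between the device and the verifier turns a valid code into an "Invalid code" result. The 30-second step, 6-digit length, and the ±1 step acceptance window are assumptions; the article does not state the tolerance the SMA appliance applies. The secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length (assumed)
SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real enrollment

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // STEP
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def matching_step_offset(secret, code, server_time, search=10):
    """Steps the code's clock is ahead (+) or behind (-) the server, or None."""
    for k in sorted(range(-search, search + 1), key=abs):
        if hmac.compare_digest(totp(secret, server_time + k * STEP), code):
            return k
    return None

def verify(secret, code, server_time, window=1):
    """Accept a code only if it falls within +/- window steps of server time."""
    return matching_step_offset(secret, code, server_time, search=window) is not None

if __name__ == "__main__":
    server = 1111111109  # constructed server clock (an RFC 6238 test time)
    for skew in (0, 2, 100, -100):
        code = totp(SECRET, server + skew)
        k = matching_step_offset(SECRET, code, server)
        print(f"device skew {skew:+4d}s  code {code}  step offset {k}  "
              f"accepted={verify(SECRET, code, server)}")
```

A 2-second skew can already cross a step boundary, which the acceptance window absorbs; a 100-second skew lands several steps away and is rejected until one of the clocks is corrected.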

Resolution

Part 1 — Verify and Correct Appliance Time

  1. Log in to the Appliance Management Console (AMC).
  2. Navigate to System Configuration > General Settings.
  3. Under Date and Time, compare the displayed time against a reliable time source (e.g., time.is).
  4. If the time is incorrect, either set it manually or configure NTP: under NTP Settings, enter a reliable NTP server address (e.g., pool.ntp.org) and click Sync Now.
  5. Click Pending Changes and apply the configuration.

Part 2 — Sync the User's Authenticator App

If the appliance time is correct, the issue is on the user's device. Follow the steps for the relevant app and platform:

Google Authenticator — Android

  • Open the Google Authenticator app.
  • Tap the three-dot menu > Settings.
  • Tap Time correction for codes > Sync now.
  • The app confirms the time has been synced. This only affects the app's internal clock, not the device's system time.

Google Authenticator — iOS

  • Open the iPhone Settings app.
  • Go to General > Date & Time.
  • Enable Set Automatically. If already enabled, toggle it off, wait a few seconds, and toggle it back on.

Microsoft Authenticator — Android and iOS

  • Microsoft Authenticator relies on the device's system clock. There is no in-app time sync option.
  • On Android: Settings > System > Date & Time > enable "Set time automatically."
  • On iOS: Settings > General > Date & Time > enable "Set Automatically."
  • If the device clock was significantly off, re-add the SMA TOTP account in the app by rescanning the QR code from AMC.

Verification

After correcting the time on both the appliance and the user's device:

  • Have the user attempt to log in again with a fresh TOTP code.
  • Confirm 2FA completes successfully.
  • If codes are still rejected, re-enroll the user's TOTP account: delete the existing enrollment in the AMC under Authentication Servers > One-Time Passwords > Configure time-based one-time password (TOTP) settings > Users (tab).
