Stuck in a loop. OneAuth asks for sign-in approval from OneAuth itself | Troubleshooting - Zoho accounts

Stuck in a loop. OneAuth asks for sign-in approval from OneAuth itself.

What happened?

OneAuth becomes the gateway to access your account if you haven't configured any other MFA modes, such as Time-based OTP, or YubiKey. Hence, this issue may arise when you reinstall the OneAuth app on your device and try to sign in with your Zoho account. Here are the reasons why:
  1. You uninstalled OneAuth from your device without disabling MFA.
  2. You performed a factory-reset on your device where OneAuth was installed.
  3. You have lost your device that has OneAuth installed.
  4. You have cleared the OneAuth app data intentionally or inadvertently.
In the above scenarios, you wouldn't have manually signed out from OneAuth on your device, and hence, the session present on that device would still be considered active. So, when you try to sign in now, the approval push notification would still be sent to that device session.

How to resolve this issue?

You can sign in to OneAuth If you have set up any one of the following recovery or sign-in options for your account:
  1. Configured OneAuth in other devices (i.e., secondary devices).
  2. Configured recovery modes such as Passphrase, Backup verification codes.
  3. Configured another OTP authenticator app for your account.
  4. Linked a security key with your account.
Notes
Note: If you haven't configured any of the above recovery/sign-in options, write to our support team at support@zohoaccounts.com. We will help you to recover your OneAuth.

Steps to sign in to OneAuth

If you are signing in using password + OneAuth:

  1. In the sign-in page of your re-installed OneAuth app, enter your email address or mobile number.
  2. Click Next.
  3. Enter your password.
  4. Click Sign in.
  5. You'll receive a pop-up message mentioning "Lost access to your device". Click Show all other options.
  6. Choose any one of the following alternate sign-in options shown, based on what you've configured for your account.
    1. OneAuth
    2. OTP authenticator
    3. Security key
    4. Backup verification code
    5. Passphrase
  7. Verify using the chosen alternate recovery/sign-in option.
  8. Click Verify. You'll be signed in to OneAuth.
  9. Make sure to set this device as the primary OneAuth device so as to receive sign-in approval notifications.

If you are signing in using OneAuth passwordless sign-in:

  1. In the sign-in page of your re-installed OneAuth app, enter your email address or mobile number.
  2. Click Next.
  3. You'll receive a pop-up message mentioning "Lost access to your device". Click Show all other options.
  4. Use any one of the below primary sign-in options to verify:
    1. OneAuth secondary devices
    2. Password
    3. OTP sent to your email or mobile number
    4. SAML or JWT based SSO
To use OneAuth secondary device
If you choose OneAuth secondary device option, your sign-in will only require verification from that device.
  1. Tap the sign in approval notification you received in your OneAuth secondary device.
  2. Use any of the three sign in modes in OneAuth such as push notification, time-based OTP or QR code to verify. You'll be signed in to OneAuth.
  3. Make sure to set this device as the primary OneAuth device so as to receive sign-in approval notifications.
To use Password, OTP sent to email address/mobile number, SAML or JWT based SSO
If you choose any of these primary sign in options, you need to verify an alternate recovery/sign-in option along with this to sign in to OneAuth.
  1. Click Proceed to continue verification.
  2. In step 1, use the primary sign-in option you have chosen to verify.
  3. Click Verify.
  4. In step 2, choose any one of the following alternate recovery/sign-in options, based on what you've configured for your account.
    • OTP authenticator
    • Security key
    • Backup verification code
    • Passphrase
  5. Verify using the chosen alternate recovery/sign-in option.
  6. Click Verify. You'll be signed in to OneAuth.
  7. Make sure to set this device as the primary OneAuth device so as to receive sign-in approval notifications.

How to prevent this in the future

  1. Make sure to configure at least one of OneAuth's recovery modes.
  2. Set up a secondary device, so that you can authenticate yourself if you're away from or have lost your primary device.
  3. Disable MFA for your Zoho account before uninstalling the app.