Frequently Asked Questions

Can't authenticate? Check our Frequently Asked Questions below. Still can't find the answer? Contact us!

Note

The questions and answers below are general applicable.
For specific instances of The Identity Hub specific configurations and tenant settings can impact your end user experience.
In that case you can contact the tenant administrator by clicking the 'Contact us' link at the bottom of the authenticate page for your tenant.

Which browsers are supported?

All browsers recognizing cookies with SameSite properties (according to the latest RFC)

The SameSite attribute of cookies declares whether the cookie should be restricted to a first-party or same-site context.
The Identity Hub applies the attribute to cookies to be in line with the latest RFC related to this matter.
Due to this compliance, older browsers which do not support this attribute are no longer supported since February 2020.

Supported :

• Google Chrome (or Chromium based browsers) version 100 and newer
• Microsoft Edge Chromium: We follow the official support lifecycle for the "Stable" release channel (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-support-lifecycle)
• Safari 15.X

I land on a Forbidden page

Firewalls or geoblocking is applied

The Identity Hub instance you are using might have different defense layers applied.
Firewalls can be configured to only allow certain IPaddress ranges or use geoblocking.
A firewall can also block specific requests due to character sequences used in the url. First close the browser and restart the authentication flow again.
If the problem persists, notify the tenant administrator. Use the 'contact us' link on the authenticate page for your tenant.

Why do I need to configure 2FA?

The administrator of your tenant decided to require 2FA

2FA helps you secure your account and resources better. Even when your password gets compromised, the second factor is not.
Either the administrator can decide to require 2FA for all users, or you can decide yourself to protect your account.

I am having trouble configuring a 2FA authenticator app

Check the tips below

• Be aware that each time you get a message that the configuration has failed, you get a new QRcode presented which you need to use for setting up your account in the authenticator app. To prevent confusion, it is advisable to first delete the account in the authenticator app before creating a new one based on the new QR code.
• 2FA authenticator apps are based on the Time-Based One Time Password Algorithm, this means that it is imperative that the clock of your device is set correctly.
• Verify your device has connection to the Internet and notifications are allowed for the authenticator app.
• If you are using Microsoft Authenticator, check this documentation page.
• When configuring an authenticator app which also has account(s) related to your work account (eg. Microsoft authenticator), use "other account".
• If you are using Google Authenticator, check this support page.
• If you are using Duo Authenticator, check this documentation page.

The 2FA verification code returned by my authenticator app is not accepted

Check the tips below

• 2FA authenticator apps are based on the Time-Based One Time Password Algorithm, this means that it is imperative that the clock of your device is set correctly.
• Verify your device has connection to the Internet and notifications are allowed for the authenticator app.
• If you are using Microsoft Authenticator, check this documentation page.
• If you are using Google Authenticator, check this support page.
• If you are using Duo Authenticator, check this documentation page.

I have a new mobile phone and 2FA no longer works

You will need to re-configure 2FA

In case you can still use your old mobile (eg by WiFi)

1. Sign in to your profile page in The Identity Hub (for SAAS https://www.theidentityhub.com/{yourtenant}/Profile) using the authenticator app on your old mobile
2. Go to the Security Information
3. In case 2FA is mandatory, make sure your email-address is verified. If not, do so first
4. On the Security Information page: click the 'Remove Authenticator app' button and confirm on the next page
5. Now you can re-configure the authenticator app by clicking the 'Configure authenticator app'
6. You will get a QR code to scan on your new mobile phone

You no longer can use your old mobile

Contact your (TIH) service desk to reset your 2FA authentication, upon the next login session you will be presented with a new (QR) code to configure your authenticator app.

I land on the Warning page although I authenticated successfully with my account

Check if you have multiple browser windows with logon sessions

When authenticating make sure to have only 1 browser window open for the authentication process.
If not, close your browser and all browser windows and start over.
Consider deleting the cookies related to The Identity Hub to ensure you start a new session.
Always go to the start page of the app you are signing in to, do not use a bookmark of the authenticate page of The Identity Hub.
If needed use an incognito window to check whether you can sign in to the Profile app of The Identity Hub (for SAAS https://www.theidentityhub.com/{yourtenant}/Profile)

Warning

When double-clicking links to the login page in an email you might get two browser tabs open.

There are one or more missing claims

Applications can require specific roles or claims (attributes) to be sent by The Identity Hub based on your account information.
In case not all required roles or claims are available you receive a message which claims are missing.
Contact your service desk to check how your account can get the claims or how you can be assigned the correct roles.

The authentication failed or was canceled by the user

A variety of reasons can apply to this scenario. Possible are:

• you have been blocked by a tenant administrator in The Identity Hub.
• you waited too long to complete the authentication process. Close your browser tab and start again at the application page.
• there is a message about an expired code. Close the browser and start again at the application page.

If the problem persists, please contact your tenant administrator.
Use the 'Contact us' link at the bottom of the authenticate page or click the icon shown on the warning page. When contacting your service desk provide the following information:

• the full url on which you noticed the error
• date and time of the issue
• the url of the application for which you wanted to authenticate
• the name of the account provider (tile) you clicked (Facebook, Google, Microsoft, your corporate ADFS, ...)
• the name and version of the browser you used

I have a problem signing in with my Belgian e-ID card

Check the FAQ related to using your eID for authentication

You can find specifics on using your eID with a card reader at the Belgian governmental site here in:

• Dutch
• French
• German
• English

I am not signed out from The Identity Hub when I close and reopen my browser

This is either related to session settings in The Identity Hub, or a browser configuration

Chromium Settings (Chrome and Edge Chromium)

There are two setting that might lead to session cookies not being deleted when the browser is closed:

• Settings > On Startup > Continue where you left off
• Advanced > System > Continue running background apps when Google Chrome is closed

If one or both settings are active, session cookies are not deleted and when reopening the browser you might still be signed in.

• If your previous session with The Identity Hub is still valid (not expired) you will be signed in.
• If your previous session with The Identity Hub is no longer valid (expired) you will have to sign in.

The Identity Hub settings

It is possible that the administrator has configured the session to be valid for a given amount of time even if the browser is closed and reopened.

In that case you will be still signed in when reopening the browser if the validity period of the session has not expired.

---

NL