User Console and Device Login with Push MFA Degradation
Incident Report for JumpCloud
Postmortem

JumpCloud Incident Report

Date: 2022-08-09

Date of Incident: 2022-08-04

Description: RCA for PUSH MFA Degradation

Summary:

At approximately 15:45 MDT on 2022-08-04, some JumpCloud customers experienced failures authenticating using JumpCloud Protect Mobil Push.  Users that had multiple MFA configurations enabled were able to authenticate successfully using a secondary option.  This degradation of service lasted until approximately 17:20 MDT on 2022-08-04.

Root Cause:

A latent misconfiguration in our notification (authentication-api) service was inadvertently exposed during a migration of our infrastructure configuration management software. This configuration caused the container health checks to fail, and not allow this service to start properly.

Corrective Actions / Risk Mitigation:

  1. Correct the configuration in our management software - DONE
  2. Increased alerting on this service - Target 08/2022
  3. Identify other services for key configuration alerting - Target 08/2022
Posted Aug 09, 2022 - 07:47 MDT

Resolved
This incident has been resolved.
Posted Aug 04, 2022 - 17:23 MDT
Update
We are continuing to investigate this issue.
Posted Aug 04, 2022 - 17:03 MDT
Investigating
We are currently experiencing higher than expected error rates for PUSH MFA with the user console and device logins. We are investigating and will update as we know more.
Posted Aug 04, 2022 - 16:02 MDT
This incident affected: TOTP / MFA / JumpCloud Protect and User Console.