Terraform Enterprise users with 2FA (TOTP) enabled are unable to login as their OTP is rejected with the following error:
Invalid authentication code!
This can be caused by NTP drift on the Terraform Enterprise server. Run
status to view the current system time to identify drift. Additionally, verify if the system's NTP daemon is running by checking the value of
NTP service in the output of
$ timedatectl status
Local time: Wed 2023-04-19 14:51:22 UTC
Universal time: Wed 2023-04-19 14:51:22 UTC
RTC time: Wed 2023-04-19 14:51:22
Time zone: UTC (UTC, +0000)
NTP enabled: no
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
This can be resolved by syncing the system clock by enabling the system's NTP daemon with
timedatectl set-ntp true.
Note that this specific issue would affect all Terraform Enterprise users with two-factor authentication enabled. For invalid token errors local to a given user, have the user authenticate with back up codes downloaded during the set up of 2FA or work with a Terraform Enterprise administrator to reset 2FA.