Users with a two-factor authentication login requirement must meet IP address prerequisites to use Lightning Login
Last updated 2017-09-08 ·Reference W-3417913 ·Reported By 2 users
Summary
Users that have the "Two-Factor Authentication for User Interface Logins" user permission cannot use Lightning Login if the user does not have Profile IP Restrictions and their IP address is not on the global org IP whitelist.
Repro
1. Log in from outside your trusted network(Network Access) and verify your identity to complete device activation.
2. Enroll in Lightning Login.
3. Log out then make sure that you can log in with Lightning Login.
4. Assign the "Two-Factor Authentication for User Interface Logins" user permission to your user.
5. Log out then make sure that your user can log in with Lightning Login.
6. Remove your user's activation history and log out.
7. Lightning Login is not offered as a login option.
Workaround
To allow users to use Lightning Login, there are two options:
1. Add an IP to Profile IP Restrictions to their profile.
2.Add their IP address to the Network Access section within the organization.
Reported By (2)
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.