2FA Email Sent but No Redirection to Token Input Screen (SuiteCRM 8.5.1)

SuiteCRM Version: 8.5.1
Installation Type: Compiled zip (downloaded from the official SuiteCRM site)
Environment: IIS 10 and PHP
Authentication Type: Default login with Two-Factor Authentication (2FA) enabled
Frontend: Default compiled React frontend


Issue Summary:

After enabling Two-Factor Authentication (2FA) for enhanced login security, I am receiving the 2FA code via email as expected. However, the UI does not redirect to the token input screen where I can enter the code.


Steps to Reproduce:

  1. Navigate to the login screen (/public/#/Login).
  2. Enter valid username and password.
  3. Submit the login form.
  4. Email is received with the 2FA code.
  5. Expected: User is redirected to a screen prompting for the 2FA token.
  6. Actual: No redirection occurs; the UI displays an error.

Observed Behavior:

  • The GraphQL response (checked in the browser network tab) contains raw HTML content, not the expected JSON format.
  • The UI shows an error like "Metadata not found" or similar.
  • No errors are shown in SuiteCRM log files (suitecrm.log, php_error.log).

Request:

Please help investigate why the frontend is not handling the 2FA redirection correctly after successful login and email token generation. Also, guidance on returning proper JSON instead of HTML in the GraphQL response would be helpful.

You must upgrade to 8.8

Would upgrading to SuiteCRM 8.8 help resolve this problem?

2FA by mail is not supported on 8.x versions.
If you need 2FA authentication, 8.8 supports 2FA by authenticator app.

Hello Amit,

IIS is not supported anymore.
So any sort of issues might derive from there.

As for the 2FA feature, check out my demo here:

Hi,
As suggested, I tried a fresh setup using the latest SuiteCRM version 8.8 on nginx. I followed the steps to enable Two-Factor Authentication (2FA) and used an authenticator app to generate the verification token.

However, when attempting to verify the token, I receive the following error:

“Two Factor Authentication failed. Try again.”

Please advise on how to resolve this issue.

For the setup / the steps, you’ve done the same as I’ve done in the video?

I’m using the MS Authenticator - but that shouldn’t make a difference.
There have been some 2FA issues on github:

could you double check there, whether anything matches your error?

Other than that, try the usual suspects:

  • log files
  • server environment
  • developer tools with the request / response details
    whether you can find any hints.

I watched your video and followed the steps.

However, I’m unable to see the existing issue in Git. Could you please check and let me know if there’s anything I might have missed?

Interesting … seems to be an issue with Git?

If you go to the repo:

and search for
2fa
and then filter for the issues.

I use Google Authenticator and it works.

Is your fresh setup time-synced with an NTP source? OTP is a time-based algorithm, so client and server must have the same time (timezone doesn’t matter).

There is a time difference between the server and my device — the server is set to EST timezone, while my phone is on IST timezone.
However, I don’t think this time difference should be causing the issue.

timezone doesn’t matter

You are right.
But I’m not able to debug it. What should be the issue in this case?

Hi scicali,

Thanks for the guidance. The root cause was time sync.

After synchronizing the device and server time, the issue got resolved.
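
The point the thread arrives at, that TOTP verification depends on synchronized clocks and not on timezone, as an added Python example; it is not part of the original posts and is not SuiteCRM's code. It implements RFC 6238 with the RFC defaults (HMAC-SHA1, 30-second step) and assumes a ±1 step acceptance window; the secret, the timestamps and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

STEP = 30  # seconds per time step: RFC 6238 default, assumed here (not taken from SuiteCRM)

def totp(secret: bytes, unix_time: float, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for a Unix timestamp (which is always UTC-based)."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: float, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (assumed policy)."""
    return any(hmac.compare_digest(totp(secret, server_time + i * STEP), code)
               for i in range(-window, window + 1))

def skew_steps(secret: bytes, code: str, server_time: float, search: int = 20):
    """Diagnostic only: the step offset at which `code` would match, or None."""
    for i in sorted(range(-search, search + 1), key=abs):
        if totp(secret, server_time + i * STEP) == code:
            return i
    return None

def demo():
    secret = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    instant = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed instant
    est = instant.astimezone(timezone(timedelta(hours=-5)))  # server wall clock
    ist = instant.astimezone(timezone(timedelta(hours=5, minutes=30)))  # phone wall clock
    same_epoch = est.timestamp() == ist.timestamp()  # timezone drops out of the epoch
    synced_ok = verify(secret, totp(secret, ist.timestamp()), est.timestamp())
    drifted_code = totp(secret, ist.timestamp() + 300)  # phone clock 5 minutes fast
    drifted_ok = verify(secret, drifted_code, est.timestamp())
    return same_epoch, synced_ok, drifted_ok, skew_steps(secret, drifted_code, est.timestamp())

if __name__ == "__main__":
    print(demo())
```

A non-zero result from `skew_steps` times the step length gives the approximate clock offset to correct with NTP; widening the acceptance window instead weakens the one-time property of the code.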