Support

Contact Mideye Support

How to reach us and what information to include so we can help quickly

When you need to contact Mideye support about authentication issues, providing the right information upfront ensures we can investigate and resolve the problem quickly. This guide explains what details help us diagnose issues efficiently.

What Should You Know Before Contacting Us?

Most authentication issues can be resolved by your organisation's IT helpdesk. Common causes include misconfigured phone numbers in Active Directory, VPN timeout settings, or users who have changed phones. For end-user troubleshooting, see our mobile phone user guide.

If your helpdesk has investigated and the issue persists, we are happy to help. To avoid back-and-forth, please include the information described below when you contact us. Administrators can also access diagnostic information through the admin portal.

Why we ask for phone numbers

Mideye does not have access to or visibility into your organisation's environment — we cannot see usernames, Active Directory accounts, or VPN sessions. What we can see is phone numbers (or token serial numbers) and what happened to them in our authentication system. That's why the user's phone number in international format (e.g. +46701234567) is the key piece of information we need to investigate any issue.

What We Need to Know

A good support request includes five key pieces of information:

1

Phone number

The affected user's mobile phone number in international format, e.g. +46701234567. This is how we identify users in our system.

2

When the issue occurred

Date and approximate time (including timezone) when the user last experienced the problem. This helps us find the relevant entries in the authentication logs.

3

User's country / location

The country the user is currently in. Some countries have SMS delivery restrictions or carrier-specific issues that affect OTP delivery. For information about SMS delivery, see our global coverage page.

4

Type of issue

Describe what happens (or doesn't happen) when the user tries to log in. See common issue types below for guidance.

5

Log excerpt (if available)

If your organisation runs a local Mideye Server, a screenshot or log excerpt from the authentication log around the time of the failed login is extremely helpful. See reading the logs below.

What Are Common Issue Types?

When describing the problem, try to identify which category it falls into. This helps us investigate faster.

SMS one-time password does not arrive

This is the most common issue. Possible causes include:

  • Phone number formatting: The number in your directory (e.g. Active Directory) must be in international format without spaces, dashes, or parentheses. For example: +46701234567, not 070-123 45 67 or (0)70 1234567. Invisible characters (e.g. from copy-pasting) can also cause problems.
  • Carrier or routing issue: The user's mobile carrier may have changed routing. We can check and adjust routing on our side if needed.
  • Country restrictions: Some countries block or filter international SMS messages. If the user is abroad, let us know which country.
  • Phone switched off or no coverage: The user's phone needs to be on and have mobile network coverage to receive SMS.
  • New user setup: If this is a newly registered user, double-check the phone number in your directory. A common mistake is extra digits, missing country code, or a leading zero that shouldn't be there.

What to check first: Open the user's account in Active Directory (or your user directory) and verify the phone number field is correct, in international format, and free of invisible characters. Try re-typing the number manually instead of copy-pasting.

Mideye+ push notification (Touch Accept) does not arrive

The Mideye+ app uses push notifications for Touch Accept logins. If the notification does not arrive:

  • Internet connection: The user's phone needs an active internet connection (Wi-Fi or mobile data) to receive push notifications.
  • App not activated: The Mideye+ app may need to be re-activated if the user switched phones or restored from a backup. See Activate Mideye+.
  • Notification permissions: The user may have disabled notifications for the Mideye+ app in their phone settings.
  • Battery optimisation: On Android, battery optimisation can prevent push notifications from being delivered. The Mideye+ app should be excluded from battery optimisation.
User accepts Touch but login still fails

If the user taps "Accept" on the push notification but the VPN or service does not complete the login, the issue is usually a timeout on the VPN/service side:

  • The VPN client or web service has a RADIUS timeout that is shorter than the time the user needs to see and respond to the push notification.
  • If the VPN gives up after, say, 15 seconds, but the user takes 20 seconds to reach for their phone and tap Accept, the session has already been closed.

Solution: Increase the RADIUS timeout on your VPN or access gateway. We recommend at least 36 seconds for Touch Accept authentication. If your system has a lower maximum (some gateways cap at 30 seconds), set it as high as possible. The Mideye Server log will show Touch Accept login was unsuccessful if this happens.

Invalid OTP error

The authentication log shows Invalid OTP. Possible causes:

  • Mistyped code: The user may have entered the SMS code incorrectly.
  • Expired code: The OTP has a limited validity window. If the user waited too long, they need to request a new one.
  • Mideye+ offline code out of sync: If the user is using the offline one-time password feature in the Mideye+ app and enters codes repeatedly without completing a login, the app's counter can drift out of sync. Re-activating the app may resolve this.
  • Hardware token out of sync: HID mini tokens and similar hardware tokens can fall out of sync if the button is pressed many times without the codes being verified. See Token Card Users for re-synchronisation instructions.
"Phone or token number is invalid or missing"

This error means the Mideye Server could not find a valid phone number or token serial number for the user. The most common causes:

  • The phone number field in Active Directory is empty.
  • The number contains invalid characters (invisible whitespace, letters, or special characters from copy-pasting).
  • The number is too short or not in international format.
  • The phone number is stored in the wrong AD attribute (your Mideye Server is configured to read a specific attribute).

Solution: Open the user's AD account and manually re-type the phone number in international format (e.g. +46701234567). Do not copy-paste from another system.

User changed phone or got a new number

New phone, same number: If the user has a new phone but kept the same phone number, they need to download the Mideye+ app on the new phone and re-activate it. SMS-based login continues to work immediately since the number hasn't changed.

New phone number: The IT administrator must update the phone number in Active Directory (or whatever user directory is used). Once updated, the user can activate Mideye+ with their new number.

User is travelling and SMS does not work in their country

Some countries restrict or filter international SMS delivery. If a user is abroad and cannot receive SMS OTPs:

  • Mideye+ app: If the user has the Mideye+ app, they can use Touch Accept (requires internet) or offline one-time passwords (no internet needed). This is the simplest workaround.
  • Manual Mideye+ activation: If the user doesn't have the app and cannot receive the activation SMS, contact us. We can perform a manual activation so the user can start using Touch Accept or offline codes.
  • TOTP tokens: For organisations that need a permanent solution for users in SMS-restricted countries, on-premises TOTP tokens can be configured. Contact us for details.

When contacting us about SMS issues abroad, always mention which country the user is in.

All users fail when logging in from a specific VPN or login page

If every user fails from one particular VPN gateway or login page, but users logging in through other gateways work fine, the problem is almost certainly a RADIUS shared secret mismatch.

The RADIUS shared secret is a password shared between the VPN/gateway and the Mideye Server. If they don't match, the Mideye Server silently discards the incoming requests — it will not even log them.

What to check:

  • Compare the shared secret configured on the VPN/gateway with the one configured on the Mideye Server for that specific RADIUS client.
  • Watch out for trailing whitespace, invisible characters, or copy-paste artefacts in the shared secret.
  • If the gateway was recently added or reconfigured, verify that the Mideye Server's RADIUS client list includes the correct IP address and secret.

Symptom: No authentication log entries appear at all when users try to log in through the affected gateway. If you do see log entries, the shared secret is fine and the problem is elsewhere.


Reading the Authentication Log

If your organisation runs a local Mideye Server, the authentication log is the single most useful source of information when troubleshooting. Here are common log messages and what they mean:

Log message What it means
Authentication successful The login completed successfully. If the user still can't access the service, the issue is on the VPN/service side, not Mideye.
Could not find user The username does not exist in the directory that Mideye Server reads from. Check that the user account exists and is in the correct OU/group.
No authentication log entry at all If no log entry appears when a user tries to log in, the RADIUS request is not reaching the Mideye Server. Check network connectivity, firewall rules, and that the RADIUS shared secret matches on both the VPN/gateway and the Mideye Server. A mismatched shared secret will silently drop requests.
Phone or token number is invalid or missing The phone number field in the user directory is empty, malformed, or contains invalid characters. Re-type the number in international format.
Invalid OTP The one-time password entered by the user did not match. Possible mistype, expired code, or offline app out of sync.
Touch Accept login was unsuccessful The push notification login failed — typically because the user rejected it, didn't respond in time, or the VPN timed out before the user could respond. Increase the RADIUS timeout if this happens frequently.
Phone not reachable / OTP delivery error The Mideye central service was unable to deliver the SMS. The phone may be off, out of coverage, or there may be a carrier/routing issue. Contact us with the phone number and country.

Tip: Include a log screenshot

When contacting us, a screenshot or copy of the relevant authentication log lines saves significant time. Filter the log by the user's phone number and the time of the failed login attempt.

Can You Use Our Email Template?

Copy the template below, fill in the details, and send it to support@mideye.com. The more complete the information, the faster we can help.

Subject: Authentication issue — [COMPANY NAME] — [PHONE NUMBER]

Hi Mideye Support,

We have a user who is unable to authenticate. Details below:

1. PHONE NUMBER (international format):
   +

2. WHEN DID THE ISSUE OCCUR:
   Date:
   Approximate time (incl. timezone):

3. USER'S COUNTRY / LOCATION:

4. ISSUE DESCRIPTION (select and describe):
   [ ] SMS one-time password does not arrive
   [ ] Mideye+ push notification does not arrive
   [ ] User accepts Touch but login does not complete
   [ ] Invalid OTP error
   [ ] Phone number missing / not found error
   [ ] User changed phone or phone number
   [ ] SMS not working in user's country
   [ ] Other: ___

   Additional details:


5. LOG EXCERPT (if available):
   (Paste relevant lines from the Mideye Server authentication log,
    or attach a screenshot)


Company:
Contact person:
Contact email:
Contact phone:

How to Reach Us

What Helpful Links Are Available?