I am looking for any help with what I am being told is a security issue by Intuit. I do not know what or where it is.
We use Intuit products (Lacerte Tax and QuickBooks). About a week ago Lacerte began requiring 2FA for all users on our network EVERY time they login. We do not have this configured. We thought it was Lacerte related, but see this across all the Intuit on line products. If I login from my home LAN I do not have this issue.
They indicate that this has to do with their systems seeing our client as a medium security risk (or similar). As stand alone workstations and users running on our RDS server both have the issue, I am skeptical that it is a server problem.
I am wondering if it may be something in our security configuration, as this would impact all clients equally. Meraki seems to be the only common thread.
Does anyone have any thoughts or seeing similar behavior?
I use QuickBooks Online regularly and have to enter a code every time I log in from work and home office networks. It is how I expect it to work though. Strange that it does not ask from a different network for you.
Maybe an error/bug on Intuit?
Try dropping your public IP into this tool to see what results you get if you think you might be on a database listing you at some risk level: https://mxtoolbox.com/blacklists.aspx
I would reach out to Intuit support as I don't see how Meraki could have anything to do with this.
Thanks for your reply
Actually this is true for QBO, but not for camps.intuit.com, QuickBooks time and other sites. Lacerte in particular uses a MS Edge component (basically a browser window) as the login and verifies with Intuit. I suspected it's a cookie but we have whitelisted all the suggested sites under trusted sites. I have needed to periodically verify, but on what should be trusted devices not need to do this every time.
Our network IP comes back clean, thanks for the tip.
Intuit support has not been helpful. I have over 2 hours on support calls. They tell me I need to troubleshoot my servers for a medium security risk issue. Inuit bug \error, very likely but as I only need to authenticate once from home, it's probably something in my environment that is the major issue.
I am trying to bang down all the common threads, and every request goes through Meraki
I bet this is an issue with a cookie not being allowed. Can you try a different browser to test this out?
It sure acts and smells like a cookie.
I have also tried the new MS Edge and have the same issue.
As the issue impacts all our users and began at the same time, I need to suspect it's something at a higher more common level.
I have also posted on our AV forum and MS Technet.
Ultimately this turned out to be an Intuit issue, as I suspected.
Thanks for the heads up!