EIGENN.
docsguidesapichangelogpricingsign in
EIGENN.

Troubleshoot Account Access

Diagnose hosted sign-in, SSO, workspace selection, MFA, subscription, and connection gates without exposing credentials.

Account access can be blocked by identity, workspace membership, MFA policy, subscription state, or required financial connections. Identify the page and message you see before changing anything.

Protect Credentials First

Never send or paste:

  • password or magic-link contents
  • MFA QR code, manual secret, or six-digit code
  • session cookie
  • OAuth access or refresh token
  • API key or webhook secret
  • bank login credentials
  • full payment-card details

Support can investigate with the sign-in email, organization domain, workspace, time, page URL, and exact non-secret error text.

1. Identify the Blocking Stage

What you seeLikely stage
Sign-in page repeatsHosted identity start or callback
SSO Setup RequiredOrganization/domain configuration
Create your Canvas workspaceNo active workspace membership
Set up two-factor authenticationMFA enrollment
Six-digit verification pageWorkspace MFA policy or fresh sign-in verification
Choose the plan or Verifying subscriptionSubscription gate
Non-dismissible Stripe and bank setupInitial connection requirement
Permission error inside SettingsRole does not allow the requested write

Work the relevant section below. Do not create a second account or workspace until you confirm the first one is actually missing.

2. Retry the Hosted Sign-In Method

Use the same method used previously:

  • Google
  • Apple
  • GitHub
  • email through the hosted identity flow
  • company SSO

The app remembers the last used provider in the browser and marks it Last used. That hint is local to the browser, not proof of the account's identity provider.

If a protected-page link sent you to sign-in, keep the return_to destination and complete authentication in the same browser. Unsafe external return destinations are rejected.

Rate-limited sign-in

The authentication start endpoint allows a limited number of attempts in a 15-minute window. Stop retrying repeatedly, wait for the window to clear, then try once.

Callback failed

If sign-in returns with an authentication-callback error:

  1. start again from the Sign-in page
  2. use the same provider
  3. allow required cookies in the browser
  4. avoid opening multiple simultaneous callback tabs
  5. record the time and final URL if it fails again

3. Resolve SSO Setup Required

The SSO error page appears when domain-based authentication cannot find a configured team or organization.

If you are a member

Contact the organization owner. Send the company domain and the SSO error text. Do not create a separate personal workspace unless the owner directs you to.

If you are the owner

  1. sign in through an available non-SSO owner identity
  2. open Settings → Account → Organizations
  3. create or select the organization
  4. confirm its company domain
  5. open the available identity administration link
  6. complete SSO configuration there
  7. test with a non-owner user

The workspace Security page does not configure SSO.

4. Restore Workspace Selection

A new user with no membership is sent to workspace creation. A user with more than one membership and no selected workspace must choose one rather than having the server guess.

If an existing user sees workspace creation unexpectedly:

  1. open the Teams page if available
  2. confirm the invitation was accepted by the same email used to sign in
  3. ask an owner to verify membership and role
  4. switch to the intended workspace
  5. reload the original page

Workspace invitations are email-specific. Signing in with another provider email can create or select a different local identity.

5. Recover MFA Access

No factor is enrolled

When the workspace requires MFA and no factor exists, the verification flow sends you to setup.

  1. generate the QR code
  2. add it to a TOTP authenticator
  3. enter the current six-digit code
  4. verify and return to the requested page

A valid code is rejected

  • confirm the code belongs to the displayed account
  • enable automatic time on the authenticator device
  • wait for the next code and enter it once
  • do not reuse a code after regenerating enrollment

A device is lost

Use another enrolled factor if one exists. After access is restored, open Settings → Account → Security, add a replacement, verify it, then remove the lost factor.

If every factor is unavailable, use public Contact. The current app does not show recovery codes or a self-service factor-reset path.

Last factor cannot be removed

The active membership is subject to the future-member MFA policy. Add another factor first.

6. Resolve Subscription Verification

New users without active access can be redirected to plan setup. After successful checkout, subscription activation can take time to synchronize.

  1. keep the checkout return page open
  2. wait for status polling
  3. use Retry status check after its timeout
  4. compare hosted billing before purchasing again

For an established workspace, open Settings → Billing and Manage billing. A billing restriction can permit reads but reject writes across the app.

7. Complete the Required Connections

Protected pages can show a blocking setup modal until the active workspace has:

  • Stripe connected
  • at least one bank connection

If one is already connected, the flow skips it. If the modal remains after both appear present:

  1. confirm both belong to the same active workspace
  2. wait for bank account selection and sync to complete
  3. refresh once
  4. return to the summary and select Finish setup
  5. contact support with provider, institution, time, and page URL if the checker remains stale

8. Diagnose Settings Permission Errors

Page visibility and write permission are separate.

  • General workspace changes require Owner.
  • Workspace Security changes require Owner.
  • Custom email-domain lifecycle requires Owner.
  • Billing delegates require Owner.
  • Notification writes require Owner or Member.
  • Plan checkout, portal, and cancellation allow Owner or Member.
  • Viewer can read team-scoped settings but cannot write them.

Switching to an owner account is safer than repeatedly submitting a visible control that the server rejects.

9. Profile Email and Sign-In Identity Differ

Changing Settings → Account → General → Email updates the local Eigenn profile. It does not verify or update the hosted identity provider in the same operation.

If sign-in still recognizes the old email, continue using the identity provider's address until its supported update process is complete. Ask an organization administrator for SSO identities.

10. Escalate Safely

When signed in, use Settings → Account → Support. When signed out, use the public Contact page and its published email.

Include:

  • sign-in method
  • profile email and company domain
  • workspace name
  • blocking page and URL
  • exact error message
  • timestamp and timezone
  • last successful access
  • whether another user can enter the workspace

Do not include secrets even when asked for more detail.

Related Pages

  • Security and Access
  • Onboarding and Support
  • Account Preferences
  • Set Up a Workspace
  • Teams and Organizations
  • Support

Set Up a Workspace

Create, secure, connect, and verify a workspace before inviting the operating team.

Webhook Delivery

Configure and test an app-specific Eigenn automation destination while accounting for its current retry and verification limits.

On this page

Protect Credentials First1. Identify the Blocking Stage2. Retry the Hosted Sign-In MethodRate-limited sign-inCallback failed3. Resolve SSO Setup RequiredIf you are a memberIf you are the owner4. Restore Workspace Selection5. Recover MFA AccessNo factor is enrolledA valid code is rejectedA device is lostLast factor cannot be removed6. Resolve Subscription Verification7. Complete the Required Connections8. Diagnose Settings Permission Errors9. Profile Email and Sign-In Identity Differ10. Escalate SafelyRelated Pages

Eigenn docs

current product

Overview
Overview
OverviewAccount PreferencesAssistant AutomationAssistant Command CenterBank ConnectionsBilling and UsageBudgets and ForecastCommand CenterCustomer LifecycleCustomer RecordsCustomersDeveloper PlatformDocument Processing and ExtractionDocument VaultFinancial Analytics and ReportsFinancial OverviewInvoice InsightsInvoice ProductsInvoicesMarketplace IntegrationsNotifications and BrandingOnboarding and SupportOverviewReceivablesReceivables AnalyticsReceivables ControlsSecurity and AccessSettings OverviewStress TestsTeams and OrganizationsTone Profiles and ExperimentsTransaction Categories and RulesTransactionsWeekly Finance RitualWorkflow ExecutionsWorkflow PausesWorkflowsWorkspace Inbox and Approvals
OverviewBuild and Review a ForecastBuild Your First WorkflowConfigure Assistant OperationsConfigure Notifications and BrandingConfigure Receivables ControlsConnect Transaction RecordsCreate and Manage CustomersCreate and Send InvoicesDeveloper API SetupFirst Cash ReviewInvoice Collection WorkflowMaintain Transaction RulesManage Security and BillingManage Team AccessManage the Invoice LifecycleMCP WorkflowsMonitor and Recover WorkflowsOrganize and Share DocumentsProcess Inbox ItemsReconcile and Categorize TransactionsReview a Customer Finance RecordRun a Finance Operating ReviewRun a Receivables Tone ExperimentRun a Runway Stress TestRun Your First Command Center ReviewSet Up a WorkspaceTroubleshoot Account AccessWebhook DeliveryWeekly CFO Review
OverviewIntegrationsMCPSDKsWebhooks
OverviewAuthenticationBank Accounts APICustomers APIErrorsForecasts and Stress Tests APIInvoice Payments APIInvoices APIPaginationRate LimitsTransactions APIWebhooks API StatusWorkflows API Status
Overview
Overview