Access Policy Violation Error

Safari has a built-in privacy feature that allows individuals to block IP address tracking. This conflicts with a security checks that Secure Connect has in place. Beyond Identity will try to match Safari's IP address with the IP address that Beyond Identity sees on your internet connection. Both numbers should match in a legitimate login request.

If Beyond Identity sees your IP address, but Safari shows a blank IP address, then Secure Connect assumes that a malicious third party is trying to access your account and will not allow you to log in.

You can either use a different browser, or uncheck "Hide IP address from trackers" in Safari's preferences. To do this:

1. Under the Safari menu click Settings.
2. Click Privacy.
3. Uncheck Hide IP address from trackers.

Passkeys Don't Work for VPN or Outlook/Office Online

Most CUWebLogin services will work with your passkey. However, VPN and services that use Microsoft Azure login (like Office online) will still require a password and two-step authentication. 

My Biometric Device Isn't Working and I Can't Authenticate 

Use a different browser to access the service. If all of your browsers are set to use passkeys, then open one of them in "incognito" or "private" mode to access the system with your NetID, password, and Duo login.

Invalid Nonce Error

Every once in a while when you try to log in with your passkey, you'll see an Invalid Nonce error. This happens due to a millisecond difference with your computer clock that automatically resolves itself. When you attempt to access the site again, your passkey should work properly.

Stale Request Error

When you attempt to log in you may see a CUWebLogin message saying "Stale Request."

This usually happens when your login does not complete within a two-minute timeframe.

Log in to your application from the beginning using your bookmark or by retyping the URL in the address bar. If this message persists, contact the IT Service Desk.