User is logged Into wrong tenant when signing in with 2FA

After signing in with 2FA, the user is logged into an incorrect tenant.

This usually occurs because:

• The user exists in multiple tenants
• The passwords differ between those tenants

If passwords are different, the system treats them as separate users even if the email address is the same.

Resolution

Align passwords (recommended)

Update the user passwords so they match across all required tenants.

Once aligned:

• The user is recognised as a single identity
• All associated tenants should become visible
•  The correct tenant selection experience will be available 

Or, remove incorrect tenant association

If the user should no longer have access to a tenant:

• Remove the user association from that tenant. This can be actioned on the External Identity Management screen (MYSM2065)

Choosing the default tenant on first login

If an identity is associated to only a single tenant, that tenant will automatically be used as the default login tenant.

From version 25.2.1, the default tenant can be reset by:

1. Removing the association from the account in all tenants
2. Re-associating the account from the login screen, and selecting the tenant that should become the default tenant during the association process

This selected tenant will then be used as the default tenant on first login moving forward.