This article covers sign-in issues with the Torq App at https://app.torq.io (US), https://app.eu.torq.io (EU), or https://app.jp.torq.io (JP). For Torq Academy login issues, email academy@torq.io. For Torq Support Portal access, sign in to the Torq App first, then use the Knowledge Hub widget.
"Incorrect email or password" after redirecting from the IdP
Symptoms
The browser redirects to the IdP, sign-in succeeds, the browser redirects back to Torq, then an "Incorrect email or password" error appears (or similar).
Common causes
Stale browser session.
Missing or mismatched email claim mapping.
The IdP not sending the attribute Torq expects (
roles,groups,memberOf).Group claim values sent as full distinguished names.(
CN=GroupName,OU=Groups,O=Domain) instead of short group names.
Resolution steps
Try a private or incognito window: If sign-in succeeds, a stale browser session is the cause.
Clear cookies: Clear cookies for
torq.ioand the IdP, then retry.Check claim mappings: Go to Settings → Security → SSO → Claim mappings and confirm the configured names and values match what the IdP sends in the token.
Restore the email claim mapping: If the email claim mapping was removed or changed during debugging, restore it. The email claim is the fallback that prevents administrator lockout.
If claim mappings look correct and the IdP configuration matches, but users still cannot sign in, the cached claim state on Torq's side may be stale. In this case, file a ticket.
Blank screen or sign-in form behaves erratically
Symptoms
The Torq UI loads a blank page after a successful sign-in. On the sign-in page, the email field clears on click-away, or the Sign in button never enables.
Common causes
Stale browser tokens.
Third-party cookie blocking.
A browser extension interfering with the page or form (ad blockers, password managers, or any extension that injects scripts or auto-fills fields).
Resolution steps
Try a private or incognito window: If sign-in succeeds, an extension or cached state is the cause.
Disable browser extensions: Disable extensions for
torq.io, or use per-site exclusion features if available.Close and reopen the browser: If extensions cannot be disabled (for example, managed by IT policy), close all browser windows and reopen before retrying. This often clears the interference for the next session.
Check cookie settings: Confirm the browser allows third-party cookies for
torq.io.
If a user signs in via SSO successfully but lands on a stripped-down UI (no workflows, no cases, settings missing), the SSO claim may not match any workspace claim mappings. In that state, the user gets Interact-only access. See "Incorrect email or password" after redirecting from the IdP for the claim-mapping troubleshooting steps.
If the issue persists in incognito with no extensions and across multiple browsers, file a ticket with a HAR file capturing the failed load.
Authenticator (2FA) prompt does not accept the code
Symptoms
The user signs in with a password, sees the 2FA prompt, enters a code from the authenticator app, and gets a "Something went wrong" error.
Common causes
The authenticator app is configured for the wrong account.
Device clock drift.
The user has lost access to the previous authenticator (new phone, device reset).
Resolution steps
Confirm the authenticator account: Confirm the authenticator app is configured for the user's Torq account, not another account on the same app.
Check device clock: Confirm the device clock is synchronized.
Reset 2FA: If the user lost access to the authenticator, a Workspace Owner can reset 2FA at Settings > Users > <user_name> > Reset 2FA. The user is prompted to scan a new QR code on the next sign-in.
If 2FA was reset and the user still cannot complete the prompt, file a ticket.
Users cannot sign in (some or all)
Symptoms
A subset of users cannot sign in via SSO while others on the same IdP can. Or, all users suddenly cannot sign in despite no recent changes.
Resolution steps
Some users only
Usually caused by affected users not being in the correct IdP group, stale cached claim state on Torq's side after recent IdP changes, or a claim mapping change that matched some users but not others.
Check group membership: Confirm the affected users are in the correct group(s) in the IdP and that membership has propagated.
Compare IdP output to claim mappings: Check whether group names are sent as full distinguished names rather than short names.
All users at once
Usually caused by an IdP-side outage or an expired certificate, client secret, or other credential.
Confirm IdP status: Confirm the IdP is operational.
Check credentials: Confirm the IdP signing certificate, client secret, or other credentials have not expired or been rotated without updating Torq.
Microsoft Entra ID users seeing
AADSTS7000215: Invalid client secret provided
The secret Torq is sending does not match what the Entra ID application expects. Two common causes:
Wrong field pasted: The Secret ID was pasted in Torq instead of the Secret Value. Entra ID displays both fields; only the Value works.
Expired secret: The client secret has expired. Generate a new one in Entra ID, then update it in Torq at Settings > Security > SSO.
Still stuck? File a support ticket
Include the following:
The exact error message and URL.
A HAR file (browser dev tools > Network > Export HAR).
Browser name and version.
The affected user's email.
The time the issue started.
Whether all or only some users are affected.
Any recent IdP-side changes (group membership, certificate rotation, secret update).
If the issue is not preventing workspace admins from accessing the workspace, Grant Temporary Workspace Access to Torq Support to speed things up.
