I'm trying to log in to Wiz, but it is not working all of a sudden
If you cannot log in all of a sudden, it might be that your domain was added to another Wiz tenant. In this case, you must log in using the Wiz multi-tenant login flow:
SSO users
- Open the Wiz multi-tenant login page.
- Enter the email address associated with your Wiz account.
- Enter your tenant's short name. Make sure to type the tenant's short name with lowercase letters.
- Click "Continue".
- Click on the relevant SSO entry.
Local users
- Open the Wiz multi-tenant login page.
- Enter the email address associated with your Wiz account.
- Enter your tenant's short name. Make sure to type the tenant's short name with lowercase letters.
- Click "Continue".
- Enter your password.
- Click "Login with Password".
I have a Wiz local user and I forgot my password
If you forgot your password, the easiest thing to do is contact a global admin:
- They can reset your password directly from the Settings > Access Management > User Management page by clicking "More Options > Reset password".
- If they cannot reset your password, they should delete and re-invite you from the Settings > Access Management > User Management page by clicking More Options > Delete and then clicking Invite User.
If you are the only global admin, use the forgot password flow:
If your email address' domain is verified on a single Wiz tenant:
- Open the Reset password page.
- Enter your email address and click "Continue". A password reset link is sent to your email.
- Click the link in the email sent by Wiz and follow the instructions.
If your email address' domain is verified on multiple Wiz tenants:
- Open the Reset password page.
- Click More than one tenant?
- Enter your email address and tenant's short name, then click "Continue". A password reset link is sent to your email.
- Click the link in the email sent by Wiz and follow the instructions.
If the forgot password flow is not working or you are unsure if your email address' domain is verified on multiple Wiz tenants, contact Wiz support from an email address associated with your Wiz account.
I lost access to my MFA device or need to switch devices, but I don't have a recovery code
Follow these steps:
-
- Ask your global admin to delete your account.
- Remove the account from your authenticator app.
- Ask the global admin to re-invite you from the Settings > Access Management > User Management page. This will trigger the password and MFA setup.
If you are the only global admin in your tenant, contact Wiz support and provide us with:
- The email address associated with your Wiz account
- If you use advanced login - your tenant's short name
Additional verification will be performed by Wiz support.
I get a "MFA invalid or expired code" message after scanning my Multi-Factor Authentication code
When a newly-invited user is using the invite link for the first time, they need to set up MFA after choosing a password. If you received this error, you either used a push-only app or opened the invite link while you were still logged in to a tenant in the same Wiz environment.
Try the following:
- Ensure you’re either logged out completely or accept the invite via an incognito/inPrivate window.
- If the invite link was sent for a newly provisioned tenant (within the first 15 minutes of the tenant being provisioned) - wait for 15 minutes before trying again.
- Ensure the clock on the device running the authenticator app is properly set (both time and timezone):
-
For IOS devices:
- Go to your phone's Settings
- Scroll down and click "General"
- Scroll down and click "Date & Time"
- Select "true" for Set Automatically
- Close and reopen the Google Authenticator/Microsoft Authenticator app.
-
For Android devices:
- Go to the main menu of the Google/Microsoft Authenticator app.
- On the top left side, click ≡
- Click "Settings".
- Click "Time correction for codes".
- Click "Sync now".
- The message displayed will confirm if the time has been synchronized or if it was already correct.
-
For IOS devices:
I get a "Missing RBAC Role" error message when trying to log in to Wiz
Contact your Wiz admin and ask them to map a group to a Wiz role. Provide the admin with the SAML Role Mapping page.
If you are using your Identity Provider for Authentication but not Authorization, you will need to pre/post-provision users. When post-provisioning, a Wiz admin will be required to edit the respective user once they have received the above error and assign them a role manually. This should allow them to login successfully on the next attempt.
When trying to log in, I get a "Value of custom:saml_groups must have a length less than or equal to 2048 characters" message
Request your Wiz admin to review the relevant Single Sign-on setup documentation.
I can't access the main doc set
- Log in to the Wiz portal.
- At the top right, click ? > Documentation.
- If you receive an error message stating {"Status":400,"message":"Email is required"}, then your Single Sign-on (SSO) tool is not configured correctly to pass email addresses when logging in to Wiz.
- Contact your local Wiz admin. Ask them (nicely) to log in to Wiz via a local user (not via SSO) and validate that your SSO is configured properly.
If all else fails, contact Wiz support.