Skip to content
View in the app

A better way to browse. Learn more.
Enpass Discussion Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
We’re on Reddit now, Come and join us there!!

Unable to Re-authenticate – Session Expired on Corporate macOS Device

fantasista
in Desktop

Featured Replies

Hello Enpass Support Team,

I am writing to request assistance with a re-authentication issue on my macOS device that I have been unable to resolve on my own.

Issue:

Enpass displays a "Session Expired" error and requires me to re-authenticate via email OTP. However, the OTP verification process fails consistently, preventing me from accessing my vault entirely.

Environment:

- Device: Corporate-managed MacBook Pro (Apple M2, macOS 26.5.1)

- Enpass version: 6.12.2 (App Store)

- The device is managed by our IT department and has Cisco Secure Client (AnyConnect) installed, which includes:

- Cisco Umbrella DNS – blocks resolution of rest.enpass.io

- Cisco SSL Inspection – replaces TLS certificates with a corporate CA certificate

- Socket Filter – intercepts all network traffic at the kernel level

Root cause (as I understand it):

Enpass's built-in OpenSSL does not trust the corporate CA certificate injected by Cisco SSL inspection, and Cisco Umbrella DNS blocks rest.enpass.io entirely. As a result, Enpass cannot reach your authentication servers to complete the OTP flow, even though the OTP email is successfully delivered to my inbox.

What I have tried:

- Adding the corporate CA certificate to the macOS system keychain (Enpass does not use the system keychain)

- Modifying /etc/hosts to bypass DNS blocking (network traffic is still intercepted by Cisco at the kernel level)

- Contacting my IT department is not an option in my situation

What I need:

I would appreciate guidance on any of the following:

1. An alternative authentication method that does not rely on rest.enpass.io (e.g., offline re-authentication, QR code, or backup code)

2. A way to reset or extend my session without requiring a network connection to your servers

3. Any tool or procedure to manually restore authenticated access to my local vault

My vault data remains intact on the device and in cloud storage. I simply cannot pass the re-authentication screen due to the corporate network restrictions described above.

Thank you for your time and support. I look forward to your response.

Create an account or sign in to comment
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.