
Google Authenticator tokens not working

Hello,

My organisation has had a problem since we installed the latest version 17 firmware. When we sync new users from Active Directory and provide them with a new token using the Google or Microsoft Authenticator, the tokens do not work. We have logged a call with support and they have taken logs and logs and found nothing, and now they say Google tokens are not supported and sent me an article from 2019.

The tokens work fine in the Sophos Authenticator, but the codes are different from the Google one and take longer to change, which makes me think the Sophos XG isn't syncing with Google.

Sophos also said no one else has the problem, which I find hard to believe, and I know someone who has tried their setup and there isn't a problem with theirs. I have checked the time on the XG and the machines I'm connecting from and they match; however, the Sophos Authenticator wouldn't work if it was a time issue.

Please let me know if there is anything else that can be tried or if anyone else has the problem?



This thread was automatically locked due to age.
  • The same was observed in our environments. Tokens generated as part of the auto-enrollment process within the XG firewall box are not accepted by the Google Authenticator app.

    However, generating tokens manually works like a charm. We used the following Python one-liner to do so:

    $ python3.6 -c 'import secrets; print(secrets.token_hex(60))'

    One thing to note is that one-time tokens cannot exceed 120 chars.

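
A way to check the observation above that two apps show different codes changing at different rates, as an added example that is not from the thread or from Sophos: it computes RFC 6238 TOTP codes from a hex secret such as the one-liner produces and reports which time step and hash algorithm reproduce a code an app displayed. It assumes the secret is stored as hex and entered into apps as Base32; the function names, the candidate settings and the sample key (the RFC 6238 test key) are illustrative, and a parameter mismatch is only one possible cause, not one the thread confirms.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_hex, unix_time, step=30, digits=6, algo="sha1"):
    """RFC 6238 code for a hex-encoded secret at the given Unix time."""
    key = bytes.fromhex(secret_hex)
    counter = struct.pack(">Q", unix_time // step)  # 8-byte big-endian window number
    mac = hmac.new(key, counter, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hex_to_base32(secret_hex):
    """Same key bytes in unpadded Base32, for manual entry into an app."""
    return base64.b32encode(bytes.fromhex(secret_hex)).decode().rstrip("=")

def diagnose(secret_hex, unix_time, observed, steps=(30, 60),
             algos=("sha1", "sha256", "sha512"), drift=1):
    """List (step, algo, windows_off) settings that reproduce an observed code."""
    hits = []
    for step in steps:
        for algo in algos:
            for off in range(-drift, drift + 1):
                t = max(0, unix_time + off * step)  # clamp so the counter stays unsigned
                if totp(secret_hex, t, step, len(observed), algo) == observed:
                    hits.append((step, algo, off))
    return hits

# Constructed sample: the RFC 6238 test key ("12345678901234567890") as hex.
SAMPLE_HEX = "3132333435363738393031323334353637383930"

if __name__ == "__main__":
    now = 1700000000  # fixed, constructed timestamp so the run is repeatable
    print("Base32 for manual entry:", hex_to_base32(SAMPLE_HEX))
    print("30 s / SHA-1 code:", totp(SAMPLE_HEX, now))
    print("60 s / SHA-1 code:", totp(SAMPLE_HEX, now, step=60))
    # Pretend an app displayed the 60-second code and ask which settings fit.
    shown = totp(SAMPLE_HEX, now, step=60)
    print("settings matching:", diagnose(SAMPLE_HEX, now, shown))
```

A result with a non-zero `windows_off` points at clock drift, while a match only under a different step or algorithm points at mismatched token settings between the server and the app.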