Home · Docs · Troubleshooting

URIP Troubleshooting Guide

Last updated: 2026-04-29 Status: Stable Entries: 23

Quick Diagnosis

Before diving into a specific issue, run through this checklist:

  1. Can you reach the URIP sign-in page in your browser?
  2. Is your session still active? Try signing out and back in.
  3. Has your browser console (F12 → Console) shown a message? Note it before contacting support.

Issue Index

Login Fails

Symptom: "Invalid credentials" error after entering email and password.

Cause: The email or password entered does not match your registered account, or your account is temporarily locked.

Fix:

Cause Fix
Typo in email or password Re-enter carefully. Passwords are case-sensitive.
Account not yet registered Ask your administrator to send you a registration invite.
Account locked after too many failed attempts Wait 15 minutes, then try again. Or ask your administrator to unlock your account.
Tenant not active Ask your administrator to confirm your organisation's account is active.

How to verify: Successful sign-in takes you to the Risk Dashboard or to the MFA verification prompt.

See also: QUICKSTART.md — Step 2

MFA Issue

Lost Authenticator / New Phone

Symptom: You cannot generate the 6-digit code (lost phone, deleted app, or new device).

Fix: 1. Contact your URIP administrator 2. The administrator resets your MFA from Settings → Users → your account → Reset MFA 3. On your next sign-in, you will be taken through MFA enrolment again 4. Scan the new QR code and verify the code

If you are the administrator and have no other admins: Contact URIP support with proof of identity. MFA cannot be bypassed without administrator action.

Code Says "Invalid"

Symptom: The code from your authenticator app is rejected even though it looks correct.

Cause: Your phone's clock is not synchronised with the server. URIP codes are time-based and require clocks to be within 30 seconds of each other.

Fix: - iPhone: Settings → General → Date & Time → turn on "Set Automatically" - Android: Settings → Date & Time → turn on "Automatic date & time"

How to verify: After syncing your clock, a fresh code is accepted and you land on the dashboard.

Connector Not Pulling

Symptom: A connector shows as configured (green checkmark) in the Tool Catalog, but no risks appear in the Risk Register after 30 minutes.

Diagnosis steps:

  1. Go to Connector Status in the left-hand navigation and check the status pill for the connector: - Green (ok) — the connector is working, but the tool may genuinely have no findings right now - Yellow (degraded) — the connector retrieved some data but not all; check the error message shown - Red (error) — the connector is failing to retrieve data; read the last error message

  2. If the status is error, click the connector tile and read the Last Error field.

Common error messages and fixes:

Error Message Cause Fix
HTTP 401 from [tool name] Your API key has expired or been revoked Generate a new API key in your tool's admin portal and update it in the Tool Catalog
HTTP 403 — insufficient permissions The API key does not have the required read access Ask your tool administrator to add the required permissions to the API credential
Connection timeout The tool's API is temporarily unavailable Check the vendor's status page and try again in 15 minutes
Rate limited (HTTP 429) Too many requests to the vendor API URIP automatically backs off; the connector will retry within an hour
  1. To trigger an immediate retry: Tool Catalog → click the connector tile → click Run Now (requires CISO role or above).

Note: Some tools legitimately return zero findings when no scans have run recently. Zero findings does not mean the connector is broken.

Connector Test Fails

Symptom: Clicking Test Connection in the connector setup drawer returns an error.

Error Cause Fix
Invalid Access Key format The field contains extra spaces or line breaks Copy and paste the key carefully; remove any trailing whitespace
HTTP 403 from [vendor] The credential does not have the required permissions Check the Prerequisites section in the connector drawer
Could not resolve host The URL field contains a typo Check the vendor's documentation for the correct API URL
API token has expired Some vendors issue tokens with short lifetimes Generate a fresh token in the vendor portal
Tenant ID mismatch The credential is scoped to a different account or region Make sure the API token covers the account you are trying to connect

How to verify: A green confirmation message that includes the number of assets or findings found.

Framework Not Found

Symptom: The Compliance Frameworks page shows an empty grid, or a specific framework shows "Framework data not available."

Cause: The compliance framework data has not been loaded for your organisation yet.

Fix: Contact your URIP administrator or reach out to URIP support — the framework data needs to be initialised for your account. This is a one-time setup step.

How to verify: Navigate to the Compliance Frameworks page — all 20 framework tiles are visible and clickable.

Compliance Score Always 0%

Symptom: A framework is activated, but the compliance score shows 0% or "Not evaluated."

Causes and fixes:

  1. No connectors configured — The compliance score is calculated from your connected tool data. Without any connectors, no controls can pass. - Fix: Configure at least one connector and wait for a data pull.

  2. The first data pull has not completed yet — The first pull can take up to 15 minutes. - Fix: Wait 15 minutes after setting up your connector, or click Run Now in the Tool Catalog.

  3. This control needs a specific tool — Some controls require particular tools (for example, access control evidence requires an identity provider like Microsoft Entra or Okta). - Fix: Open the failing control's detail view — it shows which tools provide evidence for that control.

  4. The compliance engine has not re-run yet — The engine re-evaluates controls once per hour. - Fix: Wait up to one hour after your connector data arrives.

How to verify: Navigate to the Controls page — at least some controls should show a "pass" status.

Risk Register Empty

Symptom: A connector is configured and healthy, but the Risk Register shows no findings.

Causes and fixes:

  1. First data pull has not completed — Wait up to 15 minutes after configuring a connector.
  2. The tool has no findings — If your scanner finds no vulnerabilities, URIP shows no risks. This is correct — it means you are clean.
  3. Deduplication merged findings — If the same vulnerability was already reported by another tool, it appears as one row rather than multiple.
  4. A filter is active — Check the Risk Register filter bar — a filter may be hiding results. Click Clear Filters.
  5. Wrong account — Confirm you are signed in to the correct organisation.

Diagnosis: Go to Connector Status → click the connector → check the Last records retrieved count from the most recent pull.

Browser Console Showing Security Policy Warnings

Symptom: Your browser's developer console (F12 → Console) is showing repeated "Content Security Policy" messages.

Cause: A third-party resource (such as a browser extension or a custom plugin) is attempting to load a resource that URIP's security policy does not permit.

Fix: These messages do not affect URIP's functionality. They are security policy logs, not application errors. If you are self-hosting URIP, ask your IT administrator to review the allowed content sources in the web server configuration.

How to verify: URIP continues to function normally regardless of these messages.

Slow Dashboard Queries

Symptom: The Risk Dashboard takes more than a few seconds to load, or the Risk Register is slow to paginate.

Cause: Usually occurs when a large volume of findings has been ingested for the first time, or when the underlying infrastructure needs attention.

Fix for standard users: Try refreshing the page. If slowness persists beyond 30 seconds, contact your administrator or URIP support.

Fix for self-hosted administrators: Contact URIP support for guidance on database optimisation. Do not run manual database commands unless instructed by URIP support.

How to verify: The dashboard loads within a few seconds consistently.

MFA QR Code Not Scanning

Symptom: The QR code on the MFA enrolment page does not scan with your authenticator app.

Causes: - Screen brightness too low - Camera held too close or too far from the screen - Browser is zoomed in or out

Fix: 1. Increase your screen brightness 2. Hold your phone 20–30 cm from the screen 3. Reset your browser zoom to 100% (press Ctrl+0 on Windows, Cmd+0 on Mac) 4. If scanning still fails, look for the "Can't scan?" link below the QR code — it reveals a code you can type in manually

Password Reset Email Not Received

Symptom: You clicked "Forgot password?" but no email arrived within 5 minutes.

Fix: 1. Check your spam or junk folder (the sender is from the URIP domain) 2. Make sure you entered the correct email address — the one you registered with 3. Password reset links expire after 1 hour — if it has expired, request a new one 4. If your organisation filters inbound email, ask your IT team to whitelist emails from the URIP domain

How to verify: The reset email arrives and the link takes you to a page where you can set a new password.

Jira / ServiceNow Tickets Not Auto-Creating

Symptom: A risk is assigned to a team member, but no Jira or ServiceNow ticket appears.

Causes and fixes:

  1. The ITSM connector is not configured — Connecting Jira or ServiceNow for ticket creation is a separate step from other tool connectors. Go to the Tool Catalog and configure the Jira or ServiceNow connector.
  2. Auto-ticket creation is not enabled — In the Tool Catalog, open the Jira or ServiceNow connector drawer and enable Auto-ticket on assignment.
  3. The project key does not match — The project identifier in the connector settings must exactly match an existing project in your Jira or ServiceNow account.
  4. The API token has expired — Regenerate the token in your Jira or ServiceNow account and update it in the Tool Catalog.

How to verify: Assign a test risk — a corresponding ticket should appear in Jira or ServiceNow within 30 seconds.

Webhook Not Triggering Risk Close

Symptom: A Jira ticket is marked as resolved, but the URIP risk status does not update to "Pending Retest."

Cause: The webhook that notifies URIP when a ticket is closed is not configured in Jira, or the shared secret does not match.

Fix: 1. Sign in to your Jira account → Project Settings → Automation → Webhooks 2. Create a webhook pointing to the URL shown in URIP's Jira connector settings 3. Set the shared secret to match the value shown in URIP's Jira connector configuration 4. Set the webhook to fire when an issue transitions to "Done" or "Resolved"

How to verify: Resolve a test ticket in Jira — the corresponding URIP risk should change to "Pending Retest" within 30 seconds.

Asset Inventory Empty

Symptom: The Asset Inventory page shows no assets.

Cause: Assets are discovered automatically from connector data during the first data pull. If no connectors are configured, no assets are discovered.

Fix: Configure at least one connector that provides asset discovery — for example, Tenable, CrowdStrike, SentinelOne, ManageEngine Endpoint Central, or Armis. After the first data pull completes, assets appear automatically.

Symptom: An invited auditor clicks their invitation link and sees "Token expired" or "Not found."

Causes and fixes:

Cause Fix
The invitation link has expired (default expiry: 30 days) Go to Compliance → Auditor Invitations → find the expired invitation → Revoke → create a new invitation
The link was truncated when copied into email Ask the auditor to copy the full link — it is long and must be complete

How to reissue: Navigate to Compliance → Auditor Invitations → click New Invitation → set a new expiry period → copy and send the new link.

Report PDF Fails to Generate

Symptom: Clicking Generate Report on the Reports page shows an error or a spinner that never resolves.

Causes: - No controls have been evaluated yet (the compliance engine has not run) - A temporary issue with the report generation service

Fix for standard users: Wait until the compliance engine has run (up to 1 hour after connector data arrives), then try generating the report again. If the problem persists, contact URIP support.

Workaround: While waiting, you can export individual control tables as CSV from the Controls page and assemble them manually.

Self-Hosted: Service Won't Start

Symptom: One or more URIP services fail to start after deployment.

Cause: Configuration or environment issues in your self-hosted installation.

Fix: Contact URIP support and provide: - Which component is failing to start - The error message from the service logs - Your deployment environment details (operating system, version)

URIP support will guide you through the correct configuration for your environment. Do not attempt to modify service configuration files without guidance — incorrect changes can cause data loss.

How to verify: All services show a healthy status and you can sign in to URIP successfully.

Dashboard Shows 0 Risks but Connector Is Configured

Symptom: The Risk Dashboard shows 0 total risks, but you have at least one connector showing as healthy (green).

Causes and fixes:

  1. First data pull has not completed — Wait up to 15 minutes after saving the connector. High-volume connectors poll every 15 minutes; the first pull may still be queued. - Fix: Go to Connector Status and check Last poll timestamp. If it says "Never", wait 15 minutes and refresh.

  2. The tool genuinely has zero findings — If your scanner last ran against a clean environment, zero risks is correct. - Fix: Verify in the vendor's own console that there are open findings. If their console also shows zero, URIP is correct.

  3. All findings are filtered out by severity — If your Risk Register filter is set to "Critical only" and the tool only has Medium findings, the dashboard may show 0. - Fix: Click Clear Filters on the Risk Register.

  4. Deduplication merged everything — If you have multiple connectors and the same findings were merged, the count is lower than expected. - Fix: This is correct behaviour. Check the Risk Register source column to confirm both connectors are listed.

  5. Connector is healthy but the wrong account — The API credential may be for a demo or sandbox account with no real data. - Fix: Re-test the connector and verify the asset count and finding count shown in the test result.

Module Toggle Is Greyed Out

Symptom: In Admin → Modules, the toggle next to a module (e.g., CSPM, DSPM, Auto-Remediation) is greyed out and cannot be clicked.

Causes and fixes:

Cause Fix
Module is not licensed Contact your URIP account manager to add the module to your subscription
Prerequisite connector is missing Some modules require a specific connector first. CSPM needs a cloud connector; DSPM needs BigID or Varonis. Configure the prerequisite connector, then the toggle becomes active
You are not a Super-Admin Only Super-Admins can enable modules. Ask your administrator to enable it
Tenant is on a legacy plan Some older plans do not include newer modules. Your account manager can confirm

Symptom: Your external auditor emails you saying their invitation link does not work.

Causes and fixes:

  1. The link expired — Auditor invitations expire after the period you set (7 / 14 / 30 / 60 / 90 days). - Fix: Go to Compliance → Auditor Invitations → find the expired invite → Revoke → create a new invitation with a fresh expiry.

  2. The URL was truncated — Invitation URLs are long. If copied into an email body, some email clients break them across lines. - Fix: Send the link as a plain-text file attachment, or paste it into a shared document, or use a URL shortener internally.

  3. The auditor's browser blocks the page — Ad blockers or corporate proxies sometimes block unknown domains. - Fix: Ask the auditor to try a different browser or network, or whitelist your URIP domain.

  4. Wrong framework scope — If you scoped the invitation to SOC 2 only and the auditor is trying to view ISO 27001, they will see "No frameworks available." - Fix: Revoke and reissue with the correct frameworks selected.

Duplicate Risk from Two Connectors

Symptom: You see what looks like the same vulnerability twice in the Risk Register, but with different IDs.

Diagnosis: 1. Click each risk to open the detail drawer 2. Check the Source field 3. If both risks show the same CVE on the same asset, deduplication should have merged them

Why deduplication sometimes misses a merge: - The asset is identified differently by each tool (IP vs hostname vs cloud instance ID) - One connector uses an older CVE alias that URIP has not yet mapped to the canonical ID - The finding types are different (e.g., one is a CVE and the other is a configuration issue)

Fix: - If the risks are genuinely the same: manually Suppress the lower-score duplicate and add a note explaining why - If the risks are different finding types on the same asset: keep both — they may need different remediation actions

Changed SLA Hours but Old Risks Not Updated

Symptom: You changed the SLA bands in Admin → Scoring (e.g., Critical from 7 days to 3 days), but existing risks still show their old due dates.

Cause: SLA changes apply to new risks and new assignments by default. Existing risks retain the SLA that was active when they were created or last assigned.

Fix: 1. Navigate to Risk Register 2. Select the risks you want to update 3. Click Bulk Assign → select the same assignee (or a new one) → set a new due date 4. The new SLA band is applied from the date of reassignment

Alternative: For a global recalculation, contact URIP support. A super-admin can trigger a background job that recomputes all SLAs from the current scoring configuration.

Forgot Password and No Recovery Code

Symptom: A user forgot their password and also lost their MFA backup codes.

Fix: 1. The user must contact their URIP administrator (CISO or Super-Admin) 2. The administrator goes to Settings → Users 3. Finds the user and clicks Reset Password — a reset link is sent to the user's email 4. Also clicks Reset MFA — the user will be forced to re-enrol on next login 5. The user checks email, sets a new password, scans a new MFA QR code, and saves new backup codes

If the only admin is locked out: Contact URIP support with proof of identity. This is the only scenario where URIP support can override MFA — and it requires a formal identity-verification process.

Still Stuck?

If none of the above resolves your issue:

  1. Note the exact error message you are seeing and which page you were on
  2. Note the time the issue occurred
  3. Contact your URIP administrator or reach out to URIP support with these details

Your administrator can escalate to URIP support on your behalf if needed.

See Also

← Back to docs hub