To onboard users with QR code you should configure authentication domain with "ntk cfg setc :auth_domain https://2fa.example.com" where 2fa.example.com is your Notakey Authentication Server API FQDN or else automatically detected fallback domain may be used incorrectly for QR codes copied from management dashboard.


If you have configured SRV record for your domain (_notakey2._tcp.example.com), configure  authentication domain as "ntk cfg setc :auth_domain example.com". 


Note that authentication server service has to be restarted after changes with “ntk as restart”.