diff --git a/app/api/auth/router_mfa.py b/app/api/auth/router_mfa.py
index 50af3283..72ce3963 100644
--- a/app/api/auth/router_mfa.py
+++ b/app/api/auth/router_mfa.py
@@ -280,7 +280,7 @@ async def two_factor_protocol(
 )
 return MFAChallengeResponse(status="bypass", message="")
- except MultifactorAPI.MultifactorError:
+ except MultifactorAPI.MultifactorError as error:
 if network_policy.bypass_service_failure:
 await create_and_set_session_key(
 user,
@@ -296,7 +296,7 @@ async def two_factor_protocol(
 logger.critical(f"API error {traceback.format_exc()}")
 raise HTTPException(
 status.HTTP_406_NOT_ACCEPTABLE,
- "Multifactor error",
+ str(error),
 )
 return MFAChallengeResponse(status="pending", message=redirect_url)
diff --git a/app/ldap_protocol/multifactor.py b/app/ldap_protocol/multifactor.py
index e9185247..155e8af1 100644
--- a/app/ldap_protocol/multifactor.py
+++ b/app/ldap_protocol/multifactor.py
@@ -244,12 +244,19 @@ async def get_create_mfa(
 if response.status_code == 401:
 raise self.MFAMissconfiguredError("API Key or Secret is invalid")
- if response.status_code != 200:
- raise self.MultifactorError("Status error")
+ if response.status_code == 403:
+ raise self.MultifactorError("Incorrect resource")
+
+ if response.status_code == 429:
+ raise self.MultifactorError("API calls quota exceeded")
 try:
 response_data = response.json()
 log_mfa.info(response_data)
+
+ if response_data.get("success") is False:
+ raise self.MultifactorError(response_data.get("message"))
+
+ return response_data["model"]["url"]
 except (JSONDecodeError, KeyError) as err:
 raise self.MultifactorError(f"MFA API error: {err}") from err
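Review bot: Passing `str(error)` as the HTTPException detail in two_factor_protocol hands the raw MultifactorError text to a client that has presumably not yet completed the second factor. In app/ldap_protocol/multifactor.py that text includes the provider-supplied `response_data.get("message")` and the unchanged `f"MFA API error: {err}"`, which embeds JSONDecodeError/KeyError detail; when the provider omits `message` the client would likely receive the literal string "None". The traceback is already written by `logger.critical`, so the client-facing detail can stay a fixed, known-safe string; at minimum change the parser path to `raise self.MultifactorError("MFA API error") from err` and use `response_data.get("message") or "Multifactor error"`. The function body begins and ends outside this hunk.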
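Review bot: Dropping the `!= 200` check in get_create_mfa lets every status other than 401, 403 and 429 (a 5xx from the provider, for instance) fall through to `response.json()`. A JSON body that is not an object then fails at `response_data.get(...)` with AttributeError, which `except (JSONDecodeError, KeyError)` does not catch, so it would bypass the MultifactorError handling in the router. Keep a catch-all after the 429 branch, `if response.status_code != 200: raise self.MultifactorError("Status error")`, and consider adding AttributeError and TypeError to the except tuple. Separately, 403, 429 and `success: false` all raise the same MultifactorError that router_mfa.py handles under `bypass_service_failure`; if that policy is meant only for provider outages, a distinct exception type for refusals would keep them off that path. The function starts and ends outside the hunk.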