Reset a user's 2FA enrollments
The procedure to reset a user's 2FA enrollments depends on the 2FA option selected in your HelloID environment: Fixed vs. dynamic 2FA.
Use this method when your portal access rule or application access rule is set to Let The User Choose Their MFA Option.
Go to Directory > Users.
For the relevant user, click Reset Second Factor.
In the dialog box, select the factor type(s) to reset for the user.
Tip
if the user has enrolled multiple factors of a single type, resetting that type will remove all enrolled factors of that type.
To confirm, click Reset.
If the user has no factors remaining after the reset, they will be prompted to re-enroll a factor during their next login. They can also re-enroll additional factors in their end user security overview.
Use this method when your portal access rule or application access rule is set to an option under What type of two-factor do you want to enable?.
This method requires making API calls.
Make an update user API request containing one of the following request bodies, depending on the factor type you want to reset:
SMS
{ "userAttributes": { "phonenumber": "" } }
Authenticator app
{ "userAttributes": { "googleAuthenticatorSecret": "" } }
Private email
{ "userAttributes": { "privateEmail": "" } }
The user's enrollments are reset for the relevant type, and the user will be prompted to re-enroll during their next login.