Overview
There may be times when you need to remove Two-Factor Authentication (2FA), also called Multi-Factor Authentication (MFA), from a user’s account. This might be necessary if the user has lost access to their authenticator app, changed devices, or needs to reset their 2FA setup.
Follow the steps below to safely unenroll a user from 2FA and ensure their authenticator app is cleared for future setup.
Steps to Unenroll a User from 2FA
Video Walkthrough
- Login to the store’s Admin Panel.
- Locate the user account for which you want to deactivate 2FA.
- Next to the user’s account details, click “Unenroll MFA.”
- Wait a few seconds until you see the confirmation message that the user has been successfully unenrolled from 2FA.
Important Next Step: Remove 2FA Entry from Authenticator App
Once you’ve unenrolled the user, make sure to remove the 2FA code entry from the authenticator app on their device.
This prevents confusion later and ensures a clean setup if 2FA is reactivated in the future.
Below are the steps to remove an account from Google Authenticator (the process is similar in other apps like Authy or Microsoft Authenticator):
- Open the Google Authenticator app on your Android or iOS device.
- Find the account you want to remove from the list.
- Swipe left on the account to reveal the delete option, then tap Delete.
- Alternatively: Long-press the account, tap the pencil icon (edit), and then tap the trash can icon at the top right to remove it.
- Confirm the removal when prompted.
What Happens Next
That’s it! The user’s account is now unenrolled from MFA/2FA. When they log in again, they will not be prompted for a verification code.
However, if their user group has MFA required, they’ll be prompted to set up 2FA again during their next login session.