Overview
When a user is deleted, the associated Multi-Factor Authentication (MFA) authenticators are deleted automatically. This article will explain a few exceptions to this behavior.
Applies To
- Multi-Factor Authentication (MFA)
- User Management
Solution
- When a user is deleted by the Auth0 Management API (
DELETE /v2/users/{user_id}
), the associated MFA authenticators are deleted automatically, which means there is no need to explicitly call the MFA management API endpoints (e.g.DELETE /v2/users/{user_id}/authentication-methods
orDELETE /v2/users/{id}/authenticators
) to delete the associated MFA authenticators.- See the Delete a User documentation for more details.
- When deleting users on the tenant dashboard, the tenant dashboard calls the Auth0 Management API (
DELETE /v2/users/{user_id}
) to perform the user deletion behind the scenes, so there is also no need to explicitly delete the associated MFA authenticators. - The automatic MFA deletion does not apply to the scenario where the user is deleted in batch. For example, deleting a connection will delete all the users under it (batch deletion), but it will not delete the MFA authenticators that are associated with the users in the deleted connection. The same applies to the scenario of deleting a tenant.
- In this case, the MFA authenticators of each user must be deleted before deleting the connection or tenant.