We allow our user to either choose between SMS or google authenticator app.
and the first time they pick one the process runs through just fine.
When a user wants to change, out api get this error:
{"error"=>"access_denied", "error_description"=>"User is already enrolled."}
Any help would be much appreciated 
Hello!
Could you give us more technical information about how you perform this MFA factor change?
Thanks.
Thanks for replying
Well, to associate an OTP device I use:
mfa_token using the /token/mfa/associate end point using the new mfa_token from step 1headers = { 'Content-Type' => 'application/json', 'Authorization' => "Bearer #{mfa_token}" } body = { authenticator_types: ['otp'], scope: 'enroll read:authenticators remove:authenticators', audience: "#{RunEnv.var!('AUTH0_BASE_URL')}/mfa/" } request = HTTParty.post( "#{RunEnv.var!('AUTH0_BASE_URL')}/mfa/associate", body: body.to_json, headers: headers )
Worth to say, that the first time I associate a device it works fine
Unfortunately, you can’t overwrite the factor. First, you should remove the google authenticator app and then add the SMS factor (or backwards). I hope that information is useful.
Thanks.
Great, thanks for the response, now that you mention the deletion I must link to my previous question
I could add more code, if needed.
@lucas.sonich I’ve deleted the previous factor successfully (response 204 and it’s not shown anymore in the dashboard).
When adding the new factor (same code as shown above), I still receive the same response: {"error"=>"access_denied", "error_description"=>"User is already enrolled."}
Any idea how to proceed?
Thanks in advance
Hello again!
Could you please give us more details about the call and the specific request that your are making.
Thanks.