MFA reset issue: sms provider is still present

Hello everyone,

I am using the pre-made Rule Require MFA Enrollment to ensure my users have at least one enrollment. I want to reset a user’s MFA and I want the rule to apply to them again. But it does not work.

The user still has one enrollment, even though an API call to /users/<id>/enrollments returns nothing. The Raw JSON shows the following attribute for.a user whose MFA was resetted:

{"multifactor": ["sms"]}

And I do not know how to remove that attribute.

  • Clicking Reset MFA in a user’s profile doesn’t remove it.
  • Calling DELETE /guardian/enrollments/<id> doesn’t work because the user has no enrollment returned by /users/<id>/enrollments.
  • Calling DELETE /users/<id>/multifactor/sms doesn’t work, because only duo and google-authenticator are supported.

I need your help to reset this multifactor attribute on a user.
Thanks in advance!

Bumping the thread for a little more visibility.