Reset our app user MFA with Management API

We have an app and use Auth0 for user authentication. All users refer to a particular account in our system. For some of them MFA is enabled.
So when they have no access to the auth provider (e.g. Google Authenticator), they ask our customer support to reset the MFA. To do this we need to go to the Auth0 app, find the particular user and reset MFA manually. :white_check_mark:

It works fine but is not very convenient for customers, so now we want to allow account admins to do it in our app (we already have user management functionality).

I’ve found exactly what we need on this page. So we need to delete existing enrolments for the particular user one by one, seems pretty clear. :smiley:

And here the problems begin. I need to use the /get_enrollments endpoint, but there is no such endpoint :man_shrugging:. OK, there is another one pretty close to what we need:
GET /api/v2/users/{id}/enrollments
description: "Retrieve the first confirmed Guardian enrollment for a user".

This one works well (returns 200) but doesn’t return any data in the response, just an empty array for a user who can log in only with Google Auth :man_shrugging:. And now I don’t understand whether the problem is that this endpoint may be used only in the Guardian case (but we don’t use it), OR it’s the wrong endpoint :thinking:, or we misunderstand something…

Please assist :pray:

Hi @dmytro.demakov,

Welcome to the Auth0 Community!

Could you use the DELETE /api/v2/users/{id}/authentication-methods endpoint?
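
An added example (not part of the original thread, and not Auth0's or the poster's code) of how an in-app admin reset could wrap the endpoint suggested above: it enforces the account boundary before calling the Management API, then reads the methods back instead of trusting the 204. The record shape, the `account_admin` role name, the function names and the assumption that a GET on the same path returns a JSON array are all illustrative.

```python
import json
import urllib.request
from urllib.parse import quote

def http_call(method, url, token):
    """Real transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)

def reset_user_mfa(domain, token, admin, target, call=http_call):
    """Delete all of target's MFA methods on behalf of an account admin.

    admin/target are app-side records (hypothetical shape):
    {"user_id": ..., "account_id": ..., "role": ...}.
    """
    # Authorize in the app first: the Management API token can reset any
    # user in the tenant, so the account boundary must be enforced here.
    if admin.get("role") != "account_admin":
        raise PermissionError("caller is not an account admin")
    if admin["account_id"] != target["account_id"]:
        raise PermissionError("target user belongs to another account")

    # Auth0 user ids contain '|', which must be percent-encoded in the path.
    uid = quote(target["user_id"], safe="")
    url = f"https://{domain}/api/v2/users/{uid}/authentication-methods"

    status, _ = call("DELETE", url, token)
    if status != 204:
        raise RuntimeError(f"DELETE returned {status}, expected 204")

    # A 204 alone does not prove the reset took effect: read back what is
    # still registered (assumes the GET returns a JSON array).
    status, remaining = call("GET", url, token)
    if status != 200:
        raise RuntimeError(f"GET returned {status}, expected 200")
    remaining = remaining or []

    # Return an audit record the app can log for this sensitive action.
    return {"actor": admin["user_id"], "target": target["user_id"],
            "remaining": len(remaining),
            "remaining_types": sorted(m.get("type", "?") for m in remaining)}
```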

Hey @dan.woda
Thanks for the assistance.

Yes, I can call this endpoint, it returns 204 and basically everything looks absolutely fine:

BUT nothing has changed in the system when the user logs in :frowning:

Maybe we have this weird behaviour because we’re using the /oauth/ro endpoint, which AFAIU is a bit outdated? :thinking:

I tested it, and that endpoint successfully clears a user’s MFA factors.

Are you still seeing MFA factors for your user after hitting that endpoint successfully?

That may be a factor, I’m not sure. That endpoint has been deprecated for more than 5 years (longer than I’ve worked here :smile:), I would avoid it entirely. There is a replacement for that endpoint, more on that here.

Are you still seeing MFA factors for your user after hitting that endpoint successfully?

Well, I would say that it doesn’t return anything at all, no matter whether I delete something or not :man_shrugging:
To be honest, I haven’t seen a case where any of these endpoints returns anything in the body but an empty array [] :man_shrugging:

Migration of the auth process is out of scope for now.

Can you please share your tenant name and an example user with me in a DM?

It looks like this issue is related:
