Resetting MFA does not disable it

Hi,

I’m a bit confused on how to completely disable MFA for a specific user.

  • User enrolled in MFA using the Guardian App
  • In the Admin dashboard, I can see the MFA info and the text “User is enrolled on MFA. Reset MFA”
  • If I click “Reset MFA”, the MFA info is cleared and the text “MFA is enabled for this user. Send an enrollment invitation” is shown.

But…

If I get the user info from the Management API endpoint (https://{{auth0_domain}}/api/v2/users/:id), the MFA info still appears as

    "multifactor": [
        "guardian"
    ]

This element is not present for users that never enrolled into MFA.

Is it possible to clear this information from the user?

Thanks

Martin

Hey there!

Let me research that for you and get back here with the news soon!

Hi there, can you tell me if this is actually supported (disable MFA for one particular user)?

Hi, any update on this issue?

Thanks

It is. Here’s how to do that:

Hey there Martin!

Sorry for the delay in response. It seems like there’s a problem in our stack as you performed the action via UI (resetting the MFA) and then you’re checking the users using the API and the UI tells one thing while the API tells the other. I submitted it as an internal engineering ticket and will update you on this one as soon as I have any info about the fix from the engineering team. Sorry for the inconvenience!

Hi Konrad,

Thank you for your reply. This procedure will remove the MFA, but it’s only temporary. As soon as the user tries logging in again he will need to set up MFA again.

I was asking this question because we’re trying to do automated tests with Cypress for our application. Using a predefined user for that scenario is doable, but when this user’s MFA is enabled, things become really hard.

Gotcha! I don’t have much experience with Cypress but maybe if you can share that in this thread which is about end-to-end testing with Cypress somebody will be able to guide you:
