User can reset MFA after using the lost device code



We have MFA with Google Authenticator enabled for our users. There does not seem to be a way to have the users switch to a new device. We can use the code to log in if we lost our device, but we cannot let users reset the MFA to have a new QR code for a new phone.

  1. When I lose my phone as a user, I can enter the app by providing the code that we got when first registering with Google Authenticator. If using this code, a reset of the MFA could be triggered here.
  2. When switching devices, a user can provide the current GA code. An option to switch devices could possibly be available here as well, though using the code as above could be enough to switch.

Auth0 could provide this functionality. Though I’m also aware that we can implement this through the API and use some kind of self-service application. We kinda expected the "lost your device" code to have a way to let users reset it themselves…

