Clear List of Trusted Devices After Reset Password?

FLTdanmoe · December 2, 2022, 7:42pm

The gist is that I want to force MFA on ALL devices/browsers/contexts after successfully completing the Forgot Password (verify security question) API call.

I figure the quickest way to achieve this would be to delete all deviceTokens associated a given user. Is this possible?

Scenario:
I use my web app in Chrome and Edge. Both browsers have a UUID deviceToken cookie stored to bypass MFA on the trusted device.

I complete the Forgot Password (verify security question) process in Chrome. The app destroys the deviceToken cookie, triggering MFA on the next login using Chrome. So far so good.

The gap I am trying to bridge is how to require MFA during the next login using Edge (really, all other trusted devices).

erik · December 7, 2022, 7:54pm

Hello,

As far as I know there is not a way. I don’t know of any management API that would do this.
I tested suspend/un-suspend a user but the associated tokens remained.

I am researching internally but if I (or someone else) does update this thread in a few days would suggest to open a support case.

Thank You,

Post		Replies	Views
Remeber device issue with multiple users on same device Questions	2	27	August 13, 2025
How to send device token as part of the verify MFA requesrt API	1	2359	February 12, 2024
How Per Device Remember me API works API dotnet , api	3	9007	February 9, 2020
Trust this device for 14 days Questions idx , mfa	1	17	November 8, 2025
MFA bypassed with browser back button Questions	7	3984	January 23, 2024

Clear List of Trusted Devices After Reset Password?

Related topics