We are putting our app behind Okta and I’m working on adding and removing two factor auth from users accounts. My coworker implemented removing TFA by removing the user from a group the requires TFA. I found a bug related to that where he assumed the user has TFA is their list of factors is not empty. I’m wondering if there is a best practice for removing TFA. Is deleting the factor from the user account better by any means or is keeping it around not a problem even though it stays there and the status field does not change from being active from what I’ve seen. Thanks for any help!
Hi @jschindler! You can remove MFA under: 1. MFA > Factor Enrollment AND 2. Authentication > Sign-On Policy. If you run into issues, I recommend opening a support case - Okta Help Center (Lightning) with this issue. One of our Support Engineers will be happy to assist you further.
Thanks! I definitely don’t have a problem here, I was just wondering if there was a best practice when doing it programmatically via the sdk. You can either remove them from the TFA group or delete that factor from what I know.