Disable MFA
Use the Disable Multi-Factor Authentication screen to remove the authenticator app requirement from an user's account.
After unlinking the authenticator, the account no longer requires a verification code during login.
This screen includes:
- A banner that confirms MFA is active.
- A link that explains 2-step verification.
- An Unlink Authenticator App link.
- A redirect to the Edit Account screen after completion.
Workflow
- From the navigation menu, open Account > Edit Account > Security: 2-Step Verification.
- Select Unlink Authenticator App. This action disables the active MFA configuration.
- When the 2-step verification is disabled popup appears, choose one of the following:
- Yes: Directs the user to the MFA Setup screen to configure a new authenticator.
- No: Cancels the action and returns the user to the Edit Account screen.
Validations
| Scenario | App Behavior | SDK Output |
|---|---|---|
| User opens the screen when MFA is not active. | Blocks access and displays the Account screen. | Returns MFA state that identifies no active configuration. |
| Session is not authenticated. | Blocks access and displays the login screen. | Returns an unauthenticated state. |
| User does not select Yes or No. | Prevents action and keeps the dialog visible. | Returns validation metadata indicating a required choice. |
Actions
| Scenario | App Behavior | SDK Output |
|---|---|---|
| User selects Yes. | Disables the current MFA configuration and opens the MFA Setup screen. | Returns updated MFA state and secret registration data. |
| User selects No. | Cancels the action and returns to the Edit Account screen. | Returns the existing session context. |
| MFA disables successfully. | Displays a confirmation banner. | Returns MFA state that indicates no active authenticator. |
Endpoint Resources
Authentication Disabled
PUT
/account/mfa/disable
This endpoint disables the active multi-factor authentication configuration for the authenticated account.
Verification Disabled
PUT
/account/mfa/disable/successful
This endpoint confirms that MFA disables successfully and returns the updated MFA state.
Verify Authentication Code
POST
/account/mfa/disable
This endpoint initiates the unlink operation for the authenticator and disables MFA.
Endpoint Summary
| Endpoint | Method | Action Type | Function |
|---|---|---|---|
/mfa/disable | PUT | Update | Disables MFA for the account. |
/mfa/disable/successful | PUT | Confirmation | Confirms successful disablement. |
/mfa/disable | POST | Create/Trigger | Initiates unlinking of the authenticator configuration. |