Unlink Authenticator App
Use the Unlink Authenticator App screen to remove multi-factor authentication (MFA) from a doctor account with MFA enabled.
This screen is accessible only within an authenticated user session by selecting Security: 2-Step Verification from the Edit Account screen.
This screen requires a valid session. The unlinking process is handled entirely within the authenticated flow. No additional API integration is required.
This screen includes:
- A banner confirming that MFA is currently active.
- A description that explains how to remove 2-step verification or replace the authenticator app.
- An Unlink Authenticator App link.
- A prompt to download backup codes before removing MFA.
- A redirect to the Edit Account screen after completion.
Workflow
Download your backup codes before unlinking MFA. If you lose access to your authenticator app, account recovery becomes more difficult.
- From the navigation menu, open Account > Edit Account > Security: 2-Step Verification.
- The screen confirms that MFA is enabled.
- Select Unlink Authenticator App.
- Confirm the unlinking action when prompted.
→ The authenticator is removed, and the user is redirected to the Edit Account screen.
Validations
- Rejects unlinking attempts if no authenticator is linked.
- Requires a valid session token.
- Fails if confirmation is invalid or missing (when required).
Actions
- Removes the registered authenticator from the account.
- Updates the MFA status in the session and backend.
- Disables MFA verification at login.
- Redirects the user to the Edit Account screen.
SDK and API References
- SDK Reference
- API Reference
GET
/account/mfa/enable
Returns the MFA state for the authenticated account. If MFA is active, the screen displays unlinking options.
UI Element Types
| Level | Reference | Type | Value |
|---|---|---|---|
| 1 | enabled | Regular | You enabled Multi Factor Authentication (MFA) |
| 1 | disable | Regular | To disable the 2-step verification, or to link a new authenticator app, click Unlink. |
| 1 | unlink | Link | Unlink Authenticator app |
| 1 | spacer | Spacer | — |
| 1 | learn-more | Link | Learn more |
POST
/account/mfa/enable
Registers a new MFA configuration using the provided shared secret and verification code from the authenticator app.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
code | String | Yes | MFA code provided by the authenticator app |
secret | String | Yes | Shared secret to validate the authenticator |
Errors
| Code | Description |
|---|---|
FIELDS_VALIDATION_ERROR | One or more fields are missing or invalid. |
MFA_ALREADY_ENABLED | MFA is already enabled for this account. |