Disconnect a Built-In Authenticator from a User’s Account (Salesforce Orgs)

If a user loses or replaces the device where they used a built-in authenticator, you can disconnect the service from their account. If a user’s built-in authenticator stops working, reset it by disconnecting the service; then ask the user to restore the service’s connection to their account by re-registering it. It’s also a good security practice to disconnect all of a user’s verification methods if they leave your company.

Required Editions

Available in: both Salesforce Classic and Lightning Experience

Available in: all editions

User Permissions Needed
To remove a user’s built-in authenticator registration:	Manage Multi-Factor Authentication in User Interface

Note If a user is able to access their account, they can disconnect their built-in authenticator themselves. Direct them to Disconnect a User’s Built-In Authenticator for guidance.

1. From Setup, in the Quick Find box, enter Users, and then select Users.
2. Select the user’s name.
3. On the user’s detail page next to the built-in authenticator you want to disconnect, select Del.

After disconnecting the built-in authenticator, guide the user to re-register it. If the user is moving to a replacement device, they must set up the built-in authenticator service on the device first. Refer them to Register a Built-In Authenticator an an Identity Verification Method for guidance. Admins can’t register verification methods for users.

See Also

• Built-In Authenticators for MFA
• Disconnect Identity Verification Methods that are Lost, Replaced, or Not Working (Salesforce Orgs)