Disconnect a Third-Party Authenticator App from a User’s Account (Salesforce Orgs)

Only one third-party authenticator app that generates time-based one-time passwords (TOTP) codes can be connected to a user’s account at a time. If a user loses or replaces the device where their TOTP authenticator app was installed, you can disconnect the app from their account. If a user’s app stops working, reset it by disconnecting the app; then ask the user to restore the app’s connection to their account by re-registering it. It’s also a good security practice to disconnect all of a user’s verification methods if they leave your company.

Required Editions

Available in: both Salesforce Classic and Lightning Experience

Available in: all editions

User Permissions Needed
To disconnect a user’s authenticator app:	Manage Multi-Factor Authentication in User Interface

Note If a user is able to access their account, they can disconnect their third-party authenticator app themselves. Direct them to Disconnect a User’s TOTP Authenticator App for guidance.

1. From Setup, enter Users in the Quick Find box, then select Users.
2. Select the user’s name.
3. On the user’s detail page, select Disconnect next to the App Registration: One-Time Password Authenticator field.

After disconnecting the TOTP authenticator app, guide the user to re-register it. If the user is moving to a replacement device, they must install a new version of the app first. Refer them to Register a Third-Party Authenticator App as an Identity Verification Method for guidance. Admins can’t complete the registration step for users.

See Also

• Third-Party Authenticator Apps for MFA
• Disconnect Identity Verification Methods that are Lost, Replaced, or Not Working (Salesforce Orgs)