Disconnect a Security Key from a User’s Account (Salesforce Orgs)

Users can register only one WebAuthn (FIDO2) or Universal Second Factor (U2F) security key with their Salesforce account at a time. If a user loses or replaces their security key, you can disconnect the original key from their account. If a user’s security key stops working, reset it by disconnecting the key; then ask the user to restore the key’s connection to their account by re-registering it. It’s also a good security practice to disconnect all of a user’s verification methods if they leave your company.

Required Editions

Available in: both Salesforce Classic and Lightning Experience

Available in: all editions

User Permissions Needed
To remove a user’s security key registration:	Manage Multi-Factor Authentication in User Interface

Note If a user is able to access their account, they can disconnect their security key themselves. Direct them to Disconnect a User’s Security Key for guidance.

1. From Setup, enter Users in the Quick Find box, and then select Users.
2. Select the user’s name.
3. On the user’s detail page, select Remove next to the Security Key (U2F or WebAuthn) field.

After disconnecting the security key, guide the user to re-register it or register their replacement key. Refer them to Register a Security Key as an Identity Verification Method for guidance. Admins can’t register verification methods for users.

See Also

• Security Keys for MFA
• Disconnect Identity Verification Methods that are Lost, Replaced, or Not Working (Salesforce Orgs)