Removing two‑factor authentication from a user
If a user in your organization no longer needs two-factor authentication (2FA), you can remove 2FA from their user profile. If they need access again later, you can add 2FA to the user again. You can also re-enroll 2FA if the user has trouble using the authenticator app, needs to change authenticator apps, or needs to change the device they use for the authenticator app. Users can also add and re-enroll two-factor authentication for their own user profile, but they can't remove 2FA on their own.
Note: If the user has the Managed Security Solutions permission, you must remove the permission from their user profile before removing two‑factor authentication.
To remove two-factor authentication from a user:
- Click Admin, then click Users.
Control Center lists the users for your organization. For each user, Control Center shows whether the user is a system administrator, whether the user has two-factor authentication (2FA), the method for receiving the authentication code, when the user last signed in, and whether the user is active.
- Search for the user by doing one of the following:
- Scroll through the list of users. If you have more than 20 users, use the arrows at the bottom of the page to navigate between pages.
- Start typing part of the user's first name, last name, or username in the Search field. (Control Center filters the user list as you type.)
- Scroll through the list of users. If you have more than 20 users, use the arrows at the bottom of the page to navigate between pages.
- When you find the user, click the row for the user.
Control Center shows profile information for the user. The Two-Factor Authentication field shows the method (Authentication App or Email) currently set for the user.
- Click AVAILABLE ACTIONS, then click Disable 2FA.
Control Center removes the security token from the user's profile and removes the icon next to the username for the user.
Not quite right?
Try one of these popular searches:
Explore Control Center
Top content
