Jump to

• Request
• Response

Change Default MFA Factor or Un-Enroll in MFA

patch

/mfa/v1/users/{userGUID}

Request

Supported Media Types

• application/json

Path Parameters

• userGUID: string
  Unique identifier for User

Header Parameters

• Authorization: string
  Provide a valid OAuth Access Token that has the 'MFA Client' scope.

Body ()

Change Default Factor or Unenroll MFA Schema

Root Schema : ChangeDefaultFactor

Type: object

Use this schema to change default factor or to unenroll MFA factors

Show Source

• disableMFA(optional): string
  This attribute indicates that the user wants to disable MFA from his profile. This removes all enrolled factors from a user's profile. Supported values for this attribute are:
  

  • true
  • false

  This should only be invoked by a user who is already enrolled for MFA.
• preferredFactorId(optional): string
  This attribute contains the unique identifier of an enrolled factor that the user wants to set as his default MFA factor. In case of SECURITY_QUESTIONS method, this attribute should have it's value set to -'SecurityQuestions'
• preferredMethod(optional): string
  This attribute indicates the MFA method that the user wants to set as his default method of authentication. Supported values for this attribute are:

  • SMS
  • PHONE_CALL
  • TOTP
  • PUSH
  • EMAIL
  • SECURITY_QUESTIONS

  
  When a user wants to change his default MFA factor, this attribute also needs the preferredFactorId attribute to be provided.

{
    "type":"object",
    "description":"Use this schema to change default factor or to unenroll MFA factors",
    "properties":{
        "disableMFA":{
            "type":"string",
            "description":"This attribute indicates that the user wants to disable MFA from his profile. This removes all enrolled factors from a user's profile. Supported values for this attribute are:<br><ul><li>true</li><li>false</li> </ul>This should only be invoked by a user who is already enrolled for MFA."
        },
        "preferredFactorId":{
            "type":"string",
            "description":"This attribute contains the unique identifier of an enrolled factor that the user wants to set as his default MFA factor. In case of SECURITY_QUESTIONS method, this attribute should have it's value set to -'SecurityQuestions'"
        },
        "preferredMethod":{
            "type":"string",
            "description":"This attribute indicates the MFA method that the user wants to set as his default method of authentication. Supported values for this attribute are:<ul><li>SMS</li><li>PHONE_CALL</li><li>TOTP</li><li>PUSH</li><li>EMAIL</li><li>SECURITY_QUESTIONS</li></ul><br>When a user wants to change his default MFA factor, this attribute also needs the preferredFactorId attribute to be provided."
        }
    }
}

Back to Top

Response

Supported Media Types

• application/json

200 Response

Indicates successful profile update.

400 Response

Indicates that the request payload is invalid.

401 Response

Indicates that the profile update request failed due to an invalid token, or an inactive or locked user, or if the user hasn't enrolled in any MFA factors.

404 Response

Indicates that the userGUID provided is invalid.

500 Response

Internal Server error

Back to Top