Authenticator management
Letting users remove authenticators
Learn how to let users remove their own authenticators via Authsignal’s pre-built UI.
Users may want to remove authentication methods for various reasons:
2. Frontend: Launch settings flow
3. User experience
Users will:
- Switching to a new device or authenticator app
- No longer having access to an email or phone number
- Simplifying their authentication setup
Security consideration: Always require users to authenticate with an existing method before allowing them to remove authenticators. This prevents unauthorized removal if an account is compromised.
Using the pre-built UI
The pre-built UI provides a secure, user-friendly way for users to manage their authenticators.Implementation steps
1. Backend: Track action with settings redirect PassingredirectToSettings: true in the track request will mean that after completing a challenge with an existing authentication method, users will be redirected to a settings menu where they can remove authentication methods.
- Complete a challenge with one of their existing authenticators
- Access the settings menu where they can view all their enrolled methods
- Remove unwanted authenticators
Removing authentication methods in the pre-built UI
The pre-built UI automatically enforces security by requiring authentication before allowing removal. Users cannot remove their last remaining authenticator to prevent account lockout.
Administrative removal
Admins can remove authenticators for users through the Authsignal Portal:- Navigate to the Users section
- Search for and select the user
- Scroll down to see the enrolled authenticators
- Remove specific methods as needed
Programmatic removal
For automated admin workflows, use the Delete Authenticator API:Use programmatic removal carefully. Removing all of a user’s authenticators may lock them out of their account.