<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
MFA with SMS Fails - Error "Not found: Resource not found:(UserFactor)"
Jul 1, 2025
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

Users with the SMS MFA in a pending activation state will not receive the SMS due to this error:

Not found: Resource not found: {userID} (UserFactor)

NOTE: userID will be a string of letters and numbers unique to the affected user. This can be checked by performing the List Factors API call.
 

Applies To
  • Multifactor-Authentication (MFA)
  • API Calls
  • SMS factor
  • Factor API Call
Cause

This error can be caused by the user being in a pending state. The pending activation state might happen when:

  • The user was enrolled via an API call without activation.
  • The user enrolls for Factor but does not finish the enrollment process by entering the SMS code received.
Solution

This issue can be solved by resetting the MFA factor so that users will be able to re-enroll in MFA. There are two methods to reset the MFA:

  1. Delete the SMS factor by running a **Delete API call in Postman: {{url}}/api/v1/users/{{userId}}/factors/{{factorId}}
Delete API Call

The userId can be seen in the user URL when the user's profile is selected.

URL

The FactorId can be found via an API call that will list all the factors for that particular user using the userId from the previous step.

GET API Call

For more details, please see the Factors API documentation.

With the user and the SMS FactorId, they can run the Delete call. The user will be prompted to set up the factor at the next login (because of the Authentication policy that requires the SMS factor). 

  1. Reset all the MFA factors for one specific user from Okta Admin Console > Directory > People > select the user for which the MFA should be reset > More Actions > Reset Authenticators
Reset Authenticators


NOTE: Method 1, which requires an API call, allows the reset of the specific SMS factor, while Method 2 resets all the factors used for authentication. 

If the code for the POST > DELETE API call gets an error, for example, 404 resource not found, this could be due to a race condition. This occurs when a new delete request is sent too quickly after the initial successful one, meaning the subsequent request does not find the factorID as it has already been deleted, resulting in a resource not found error. It is recommended to add a brief delay (for example, using a sleep() function) after a successful response and before initiating another request.

 

Recommended content

Still looking for help?
Loading
MFA with SMS Fails - Error "Not found: Resource not found:(UserFactor)"