By default, deactivating an Okta user does not reset the user's second factor, and once the user is deactivated, resetting the second factor is no longer possible. This article clarifies whether an event hook can send the deactivation request to a workflow that resets the factors first, so that the user deactivation takes place only afterwards.
- Multi-Factor Authentication (MFA)
- MFA Reset
- End User MFA
This is working as designed.
Unfortunately, it is not possible to send the deactivation request to a workflow that resets the second factor before deactivation. All Event Hooks are asynchronous, so they will not stop the flow and wait for the external call to complete before continuing with the deactivation process.
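Because an event hook cannot hold the deactivation, the ordering has to be enforced by whatever initiates the offboarding. The following is an added example, not Okta's own code: it calls the Okta Users API lifecycle operations `reset_factors` and `deactivate` in sequence and refuses to deactivate if the reset did not succeed. The function names, the org URL and the token are hypothetical placeholders, and the sketch assumes the API token is permitted to perform both operations.

```python
import urllib.error
import urllib.parse
import urllib.request


def make_okta_post(org_url, api_token):
    """Return post(path) -> HTTP status for an Okta org (SSWS token auth)."""
    def post(path):
        req = urllib.request.Request(
            org_url.rstrip("/") + path, data=b"", method="POST",
            headers={"Authorization": "SSWS " + api_token,
                     "Accept": "application/json",
                     "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code  # 4xx/5xx: report the status, caller decides
    return post


def offboard_user(user_id, post):
    """Reset the user's factors, then deactivate, stopping at the first failure.

    `post` is any callable(path) -> HTTP status, so the ordering can be
    exercised without network access.
    """
    uid = urllib.parse.quote(user_id, safe="")
    steps = [
        ("reset_factors", f"/api/v1/users/{uid}/lifecycle/reset_factors"),
        ("deactivate", f"/api/v1/users/{uid}/lifecycle/deactivate"),
    ]
    done = []
    for name, path in steps:
        status = post(path)  # blocks until Okta has answered this step
        if not 200 <= status < 300:
            # Never deactivate a user whose factors are still enrolled.
            raise RuntimeError(f"{name} failed with HTTP {status}; done={done}")
        done.append(name)
    return done


if __name__ == "__main__":
    # Constructed stand-in for Okta so the demo runs offline; real use:
    # post = make_okta_post("https://ORG_PLACEHOLDER.okta.com", "TOKEN_PLACEHOLDER")
    print(offboard_user("00uEXAMPLEUSERID", lambda path: 200))
```

If the reset step fails, the user stays active and the run can be retried, which avoids ending up with a deactivated account whose factors can no longer be reset.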
