Factor Reset Using API Calls
Oct 20, 2025
Multi-Factor Authentication
Okta Identity Engine
Overview
This article addresses the issue when the user or administrator is unable to reset the factor for that user, with errors such as:
- An error has occurred and [Factor] could not be reset
or
- Authenticator could not be removed. Refresh the page and try again.
Applies To
- Okta Identity Engine (OIE)
- Authenticators
- Multi-Factor Authentication (MFA)
Cause
This error is commonly seen if an authenticator has not been removed in the correct method and the User Interface is still showing the user has been enrolled in that factor.
Solution
Remove the authenticator from the user, which can be done using API calls to manually delete the entry.
For initial setup steps, see How to Integrate Postman with Okta, and then download the User API and Factors API collections.
- Obtain the UserID of the affected user.
This can be done using a List Users > Get User API call and replacing userId with the user's email/login. This will give the user ID in the response as seen below.
- Obtain the User FactorID.
This can be done using the Factor Verification Operations > List Factors API call and replacing the userId with the one from Step 1, as seen below. For this example, Okta Verify push will be used.
- Delete the user's factor.
This can be done using the Factor Verification Operations > Delete Factor API call and replacing the UserID and FactorID from Step 1 and Step 2. The response for that API call will be a 204 HTTP response without a body.
After removing the factor from the user's profile, the factor will also disappear from the User Interface.
