This article describes how to use Okta's Authenticators API to remove authenticators, instead of using the Okta Admin Console.
- Multi-Factor Authentication (MFA)
- Okta Identity Engine (OIE)
- Okta Authenticators API
Postman can interact with Okta's APIs. For more details, please refer to Test the Okta REST APIs with Postman. Okta offers a predefined list of API requests in the form of Postman Collections. For this task, the Authenticators Postman Collection will be used.
- Please use the List all authenticators API request to list all authenticators in the org. The goal is to retrieve the ID of the authenticator that we want to deactivate, which will be used in the second API request.
- Please copy the Authenticator ID retrieved in step 1 and replace the {{authenticatorId}} variable in the Deactivate an authenticator API request.
If the deactivation request was completed, Okta returns a 200 response code, represented by the green "200 OK" message, indicating the Postman call was successful.
One may encounter the error message: Cannot modify/disable this authenticator because it is enabled in one or more policies. To continue, disable the authenticator in these policies.
To resolve this error, disable the authenticator in the Authenticator Enrollment policies under Security > Authenticators > Enrollment:
and/or the self-service settings in the Password Policies under Security > Authenticators > Password > Actions > Edit:
