Email authenticator is not really deleted even though the API call succeeded

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

0D54z00009lafUZCAYOkta Classic EngineMulti-Factor AuthenticationAnswered2025-09-13T09:01:51.000Z2023-10-18T18:56:00.000Z2023-10-19T17:13:37.000Z

GavinC.72215 (Customer) asked a question.

October 18, 2023 at 6:56 PM

Email authenticator is not really deleted even though the API call succeeded

I made an API call to {{url}}/api/v1/users/{{userId}}/factors/{{factorId}} using DELETE verb and provided the factor id for email. The call returned with 204 no content. I assume that means the request was processed successfully. But when I call {{url}}/api/v1/users/{{userId}}/factors with GET verb again to retrieve the list of enrolled factors, the email factor appeared in the list and the status is "active". So the question is: can we REALLY delete the email authenticator?

Multi-Factor Authentication

Top Rated Answers

Paul S. (Okta, Inc.)
3 years ago
Hello @GavinC.72215 (Customer) Thank you for reacting out to our Community!

If you have email authenticatior, this factor is automatically enrolled upon enablement or user creation. So if you delete it, it will be enrolled the second after deletation.

Community members help others by clicking Like or Select as Best on responses. Try it today.

What you missed: new product releases and other announcements
Expand Post
Selected as Best

All Answers

a0n5s (a0n5s)
3 years ago
@GavinC.72215 (Customer) as the document : https://developer.okta.com/docs/reference/api/factors/#response-example-16 told, primary or secondary email address can be use. Does this user has secondary email in okta?

Enrolls a user with an Email Factor. An email with an OTP is sent to the primary or secondary (depending on which one is enrolled) email address of the user during enrollment. The Factor must be activated by following the
activate
link relation to complete the enrollment process. An optional
tokenLifetimeSeconds
can be specified as a query parameter to indicate the lifetime of the OTP. The default lifetime is 300 seconds.
tokenLifetimeSeconds
should be in the range of 1 to 86400 inclusive.

as this 204 is correct response.
https://devforum.okta.com/t/delete-factor-doesnt-get-deleted/8168
Expand Post
GavinC.72215 (Customer)
3 years ago
User doesn't have secondary email.
Expand Post
Paul S. (Okta, Inc.)
3 years ago
Hello @GavinC.72215 (Customer) Thank you for reacting out to our Community!

If you have email authenticatior, this factor is automatically enrolled upon enablement or user creation. So if you delete it, it will be enrolled the second after deletation.

Community members help others by clicking Like or Select as Best on responses. Try it today.

What you missed: new product releases and other announcements
Expand Post
Selected as Best
GavinC.72215 (Customer)
3 years ago
Thank you Paul!
Expand Post

This question is closed.

Recommended content

Forum

Factors API doesn't show "Email Factor" even if already enrolled for a user

Forum

Mr. Luther ismaila

Forum

Unexpected JIT user creation via SAML IdP even though email domain wasn't in IdP Routing Rule

Forum

Unable to get LOCKED_OUT status from /api/v1/authn endpoint even after enabling the “Show lock out failures” setting

Loading

Email authenticator is not really deleted even though the API call succeeded