If a user has two-factor authentication (2FA) set up for their Identity and loses their backup codes, or can't get the authentication to work (due to no longer having the configured authentication device or application), it is possible to remove their 2FA configuration.
Remove 2FA from the employee account
Prerequisite
You must be the domain owner in Access Identity to follow these steps.
Sign into https://identity.accessacloud.com/.
Select My Account then click Two-Factor Authentication.
Click Disable for someone else and then enter the users email address.
Click Save.
2FA will no longer be required for that user to log in.
Note: If you have a domain policy configured where 2FA is required, the user will be prompted to set this up again after logging in.
Domain owner unknown, or the disable for someone else option is not available
If you don't know who owns your domain, or the option to disable for someone else is not available to you, then the 2FA will need to be removed from the user by Access.
To start this process, follow these steps:
Download our disable 2FA request form and provide it to the impacted user to fill in. They do not need to fill in the support ticket reference or the organisation approver fields.
Submit the employee populated form to the director of your organisation to complete and sign.
Note: The director of your organisation needs to review and action this form. We can't accept this from any non-director contact.
The director needs to submit the form attached to an email to the Support Analyst and Information Security team which includes the following statement:
"I confirm that I understand the associated risks related to disabling 2FA for the above individual and fully indemnify Access against any action or breach that may incur as a direct result."
Once our Information Security team confirm with support that 2FA removal for the user has been approved, support will file a request with our Workspace Development team to action the 2FA removal.