- Docs
- Security
- Two-Factor Authentication (2FA)
- Removing 2FA Requirement
Removing 2FA Requirement
Site Administrators can remove the 2FA requirement for any user account. Users can remove the 2FA requirement from their own account if site-level enforcement settings allow it, or if their Site Administrator has permitted them to do so.
Removing Site-Level 2FA Enforcement
Site Administrators can remove the 2FA requirement enforcement at site-level for all users and for Site Administrators. When the 2FA requirement is disabled at the site level, a 7-day waiting period is applied before the change takes effect. This delay is intended to enhance security and applies to all users previously covered by the enforcement setting.
Removing the 2FA Requirement from a User Account
Site Administrators have full control over removing the 2FA requirement from individual user accounts. This action is performed from the user’s profile. Disabling this setting removes the requirement to use 2FA but does not delete any previously configured 2FA methods from the user’s account. Users can log in without being prompted for 2FA, while their enrolled methods remain available for future use if needed.
If the 2FA requirement is removed at the site level, it affects users whose 2FA setting is configured to use site-wide setting. For all other users, any custom setting explicitly configured for their account will continue to apply.
Removing the 2FA Requirement from Your Account
Users can remove the 2FA requirement from their own account by going to the My Account page and providing a valid code or confirmation from one of their existing 2FA methods, if site-level enforcement settings allow it or their Site Administrator has permitted them to do so. This may include a hardware key, YubiKey (native mode), authenticator app, SMS, or email verification. If none of the 2FA methods are accessible, for example if a device is lost, a Site Administrator must remove the 2FA requirement on the user’s behalf.