Multi-Factor Authentication (MFA) Reset Functionality for Employees

Have more questions? Submit a request

This article outlines the process and requirements for an Administrator to reset the Multi-Factor Authentication (MFA) for an employee within your company.

What is the MFA Reset Functionality?

With the new mandatory MFA enforcement, a user may occasionally lose access to their registered authentication device (e.g., a lost or replaced phone).

The MFA Reset functionality is an administrative tool that allows a company Administrator to temporarily disable an employee's current MFA setup, enabling them to log in and re-register a new MFA device. This functionality significantly reduces reliance on Humi Support for login issues related to device changes.

When is an MFA Reset Needed?

An employee will need an MFA reset in the following scenarios:

  • Lost or Stolen Device: The employee no longer has the device (smartphone, tablet, etc.) where their MFA app (like Google Authenticator or Authy) was installed.
  • Replaced Device: The employee got a new phone and did not transfer their authenticator app data from the old one, and they do not have their backup codes.
  • Device Malfunction: The employee's MFA device is broken or inaccessible.

Permissions to Reset MFA

The ability to perform an MFA reset is controlled by a specific permission that can be managed by Company Administrators:

Screenshot 2025-12-01 at 10.00.18 AM.png
  • Permission Control: The ability to reset an employee's MFA is controlled by a new permission: "Ability to Reset Employee MFA."
  • Default Settings: This permission is ON by default for the Admin role. It is OFF by default for Manager, Employee, and all Custom roles.

For information on a related administrative security feature, you can refer to the article: Activate Single Sign-On (SSO) in Humi.

Action Required: How an Admin Resets an Employee's MFA

Only a user with the correct permission (typically a company Administrator) has the ability to perform an MFA reset.

  1. Navigate to the Employee's Profile: An Administrator must log into the platform and navigate to the profile of the employee requesting the reset.
  2. Locate the MFA Reset Option: On the employee's profile/Account tab, the Administrator will find the prominent "Reset MFA" button/action.
  3. Execute the Reset: The Administrator clicks the "Reset MFA" button. This action triggers a Confirmation Modal requiring the admin to verify the action. Upon confirmation, the system immediately de-registers the employee's current MFA device(s) and flags their profile for re-enrollment.
  4. Employee Action: The employee should then attempt to log in. They will be prompted immediately to go through the initial MFA Setup process again, allowing them to register their new device.

The MFA reset only clears the registration of the device; it does not disable MFA entirely. The employee must set up a new MFA method on their next login attempt.

Audit Log Record

The admin will see a simplified record showing the essential details of the last reset:

  • Timestamp: Date and time of the reset.

    Screenshot 2025-12-01 at 10.13.52 AM.png
  • Reset by (Actor): Email address of the Admin who performed the reset.
Did this article answer your question?
0 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.