Disable Two-factor Authentication
Users can enable two-factor authentication by pairing their Hub account with an authentication app or hardware token.
For app-based authentication, Hub provides recovery codes that can be used as one-time passwords to access the application. If a user doesn't have the recovery codes and no longer has access to the authentication app that is paired with the Hub account, he or she is unable to log in.
For token-based authentication, a user who loses the hardware device that is used as a second factor is no longer able to log into Hub.
As an administrator with the Update User permission, you can restore account access by disabling this feature in the user's profile. If you are the default administrator for the installation and have lost your second factor for authentication, you can restore access by resetting your account. For instructions, see Manage the Default Administrator Account.
When you disable 2FA for another user, they can delete the current app or hardware integration and set up 2FA with another app or token. If they have recovered the authentication factor that is already paired with their Hub account, they can re-enable the feature in their profile.
You also have the option to delete the current app or hardware integration on behalf of another user. If you choose this option, the user has to pair their Hub account with the authentication app or hardware token from scratch, even when they later recover the second authentication factor.
To disable two-factor authentication for a user account:
From the Access Management section of the Administration menu, select Users.
Click the Full Name link of the user account for which you want to restore access. Use the filter in the header to find users that match specific attributes.
Locate the Two-factor authentication setting.
Click the Disable link.
Two-factor authentication is disabled for the user account.
The user is able to sign into Hub with a login and password.
If the user belongs to a group for which two-factor authentication is required, they are immediately prompted to set up the feature the next time they log in. Access to Hub and connected services is severely restricted until they re-enable the feature.