Reset User MFA
Reset multi-factor authentication (MFA) for a user. This disables MFA for the specified user, allowing them to log in without a second factor. Use this endpoint when a user is locked out due to losing access to their MFA device.
Request
POST https://api.entryguard.io/api/v1/users/{id}/reset-mfa
Authentication
Requires a valid Bearer JWT with the ORG_ADMIN role.
Authorization: Bearer <access_token>
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | UUID | Yes | The unique identifier of the user whose MFA should be reset |
Request Body
No request body is required.
Response
Success Response
Status Code: 200 OK
{
  "message": "MFA reset successfully"
}
Error Responses
| Status Code | Description |
|---|---|
| 400 Bad Request | MFA is not enabled for this user |
| 401 Unauthorized | Missing or invalid authentication token |
| 403 Forbidden | User does not have ORG_ADMIN role |
| 404 Not Found | User with the specified ID does not exist in this organization |
| 429 Too Many Requests | Rate limit exceeded |
| 500 Internal Server Error | Server error occurred |
Error Response Examples:
{
  "timestamp": "2026-02-18T10:30:00Z",
  "status": 404,
  "error": "Not Found",
  "message": "User not found with id: 770e8400-e29b-41d4-a716-446655440004",
  "path": "/api/v1/users/770e8400-e29b-41d4-a716-446655440004/reset-mfa"
}
{
  "timestamp": "2026-02-18T10:30:00Z",
  "status": 400,
  "error": "Bad Request",
  "message": "MFA is not enabled for this user",
  "path": "/api/v1/users/770e8400-e29b-41d4-a716-446655440004/reset-mfa"
}
Example
Request
curl -X POST https://api.entryguard.io/api/v1/users/770e8400-e29b-41d4-a716-446655440004/reset-mfa \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
{
  "message": "MFA reset successfully"
}
Notes
- After MFA is reset, the user will be able to log in with only their email and password
- The user can re-enable MFA from their account settings after logging in
- This operation is logged in the audit trail
- Use this endpoint carefully, as it reduces account security temporarily
- If your organization requires MFA for all users, the user will be prompted to set it up again on next login
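
A client-side wrapper for this endpoint, as an added example that is not part of the EntryGuard documentation or SDK: it validates the user ID as a UUID before building the URL and maps each status code in the error table above to an explicit outcome, so automation never treats a failed reset as a successful one. The function names, outcome labels, retry count and backoff delays are assumptions made for this example.

```python
import time
import urllib.error
import urllib.request
import uuid

BASE_URL = "https://api.entryguard.io/api/v1"  # from the page

# Status codes from the page's error table, mapped to caller-facing outcomes.
# The outcome labels are names chosen for this example.
OUTCOMES = {
    200: "reset",
    400: "mfa_not_enabled",
    401: "bad_token",
    403: "not_org_admin",
    404: "user_not_found",
    429: "rate_limited",
}


def build_request(user_id, token):
    """Build the POST request; raises ValueError if user_id is not a UUID."""
    # Parsing and re-serializing as a UUID keeps untrusted input (for example a
    # ticket field) from changing the URL path.
    uid = uuid.UUID(str(user_id))
    return urllib.request.Request(
        f"{BASE_URL}/users/{uid}/reset-mfa",
        method="POST",
        headers={"Authorization": f"Bearer {token}"},
    )


def reset_mfa(user_id, token, send=urllib.request.urlopen,
              attempts=3, sleep=time.sleep):
    """Call the endpoint once per attempt and return an outcome label."""
    req = build_request(user_id, token)
    status = None
    for attempt in range(attempts):
        try:
            with send(req) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code  # urllib raises on 4xx/5xx responses
        if status != 429:
            break
        if attempt < attempts - 1:
            sleep(2 ** attempt)  # assumed backoff: 1s, 2s, ...
    return OUTCOMES.get(status, f"error_{status}")
```

Only the `"reset"` outcome means MFA was disabled for the account; record the returned label alongside the request that prompted the reset so it can be matched against the audit trail entry.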