Clear TOTP|VCA Settings from Employee Accounts

Clear TOTP Settings removes the registration of the authenticator app. Clear TOTP Settings and Clear VCA Settings are used to invalidate devices that were set as trusted devices and in doing so will invalidate the user’s current session, log the user out, and then back to the Login screen.

Setup: Security permission is required to create a login policy with MFA enabled. A user who can access the login policy will have the ability to clear both TOTP and VCA settings at the Login Policy level. For example, suppose 500 employees are assigned to login policy, “Email VCA”. Clearing VCA settings at the Login Policy level will affect all 500 employees.

Person: Clear Multi-Factor Authentication Settings permission is required to clear both TOTP and VCA settings for employees. This user can clear TOTP or VCA settings by individual or a group of people within their organizational authority.

A user can clear their own TOTP and VCA settings in the General information area in My Info without special privileges granted as long as their login policy is MFA enabled.

Note: Remember this functionality is Login Policy dependent when clearing for others and if wondering why does Lucy have Clear TOTP Settings, and Betty has both Clear TOTP Settings and Clear VCA settings, and Billy has neither.

For any users who require a complete reset to their VCA or TOTP configuration, there are options available for users, managers, and system administrators to clear VCA or TOTP settings. Once cleared, the employee or group of employees will be brought back to the Login page where they will enter their username and password as usual and proceed through the remaining VCA or TOTP process.

Whether Clear VCA Settings and Clear TOTP Settings are available to you depends on your Login Policy. If the login policy only has Email as an authentication method defined, then Clear VCA Settings will appear. If the login policy has Email and Authenticator App methods defined, then both Clear TOTP Settings and Clear VCA Settings will appear on the page.

Choices:

Clear VCA/TOTP for self: Go to My Info > General > Login > Clear TOTP Settings/Clear VCA Settings
Clear VCA/TOTP for others: Go to People > Select a Person or Multi-Select > Edit > Login. Clear TOTP Settings or Clear VCA Settings.
Clear VCA/TOTP for all members of a Login Policy at the same time: Go to Setup > Security > Login Policy. Choose the Login Policy desired. Clear TOTP Settings or Clear VCA Settings.

After an administrator clears VCA or TOTP settings for an employee from a Login Policy, the employee will be required to configure their VCA/TOTP settings and log in again. This is true even if the employee had checked the option to trust the device when initially configuring their VCA/TOTP settings. Once the VCA/TOTP settings are configured again, the employee will once again have the option to select the option to trust the device.