User MFA Factor Reset All

Trigger a flow when all of a user's multifactor authentication (MFA) factors are reset in Okta.

This operation uses the user.mfa.factor.reset_all Okta event.

To trigger this event card, you can reset all factors through the Admin Console or use an API call. See Reset Factors.


The User MFA Factor Reset All card only works for orgs using Okta Classic Engine.

To process an MFA reset all event for orgs using Okta Identity Engine, you must use the User MFA Factor Deactivated event card.

For each MFA factor, a reset event triggers the flow three times, once for each internal event:

  • User reset SIGNED_NONCE factor

  • User reset OKTA_VERIFY_PUSH factor

  • User reset OKTA_SOFT_TOKEN factor


Field Definition Type

Date and Time

The date and time when the event was triggered in the Okta API.



Any message details about the event.


Event ID

Unique identifier of the event.


Event Type

Type of event that was published.


Event Time

Timestamp when the notification was delivered to the service.



Versioning indicator.



Okta admin who enrolled the user in MFA.



ID of the Okta admin who enrolled the user in MFA.


Alternate ID

Email address of the Okta admin.


Display Name

Display name of the Okta admin.



Type of Okta admin who enrolled the user in MFA.


Okta User

The Okta user whose MFA factors were reset.



The unique identifier of the Okta user.


Alternate ID

Email address of the Okta user.


Display Name

Display name of the Okta user.



The universal unique identifier of the webhook event.


Event Details

The raw JSON payload returned from the Okta API for this particular event.



An object that represents the headers for the response.

Each key of the header is parsed into a header string as a key and value pair, for example, Content-Type: text/plain.



The source of any user-specific data.


Debug Context

Debug Data

Information on the triggered event that you can use for debugging.

For example, returned data can include a URI, an SMS provider, or a transaction ID.


While you can create additional user or group fields for an Okta event, the Okta API only returns values for four fields: ID, Alternate ID, Display Name, and Type.

No other fields are supported for users or groups, and data from such fields isn't returned by this event card.

Trigger a flow with this card

To trigger a flow, you must create a test user account in a test or development org and assign a super admin role to that user. Don't use your own account to complete the following steps:

  1. Sign in to the Admin Console using a test account.

  2. In the Admin Console, go to SecurityMultifactor.

  3. Verify that at least one factor is active. This page indicates active factors with green check marks.

  4. In the upper-right corner of the Admin Console, click the dropdown menu for your account, and then click My settings.

  5. In the Extra Verification section, confirm that at least one factor is already configured.

  6. Sign out of the test account, and sign in using your regular admin account.

  7. In the Admin Console, go to DirectoryPeople.

  8. In the Search field, search for the name associated with the test account. Click the test account's username.

  9. On the profile page for the test account, use the More Actions dropdown menu to select Reset Multifactor.

  10. In the confirmation dialog, click Reset All.

Resetting all MFA factors triggers any flow that uses the User MFA Factor Reset All event card.

Related topics

Okta Devices connector

Okta Devices API

Device lifecycle

Cards in flows