Disable TOTP unenrollment


Is there a way to limit a user to performing enrollment of a TOTP only, and to disable un-enrollment?

Let's say I want to allow TOTP enrollment and disable all other operations, so that the user cannot unenroll his TOTP, email OTP and LDAP on his own.

  • Suggested Answer

    Hello, from AAF, this would be achieved by creating a specific chain and event. Assigning the user(s) to a specific AD group, and assigning that group to the chain and event would limit them to the authentication methods required.