Idea ID: 2876217

Auto enrolled methods should auto delete if underlying data is removed

Status: Waiting for Votes

When a user is added to AD with an email address, the email OTP method is auto-enrolled. Furthermore, when the email address attribute is removed from AD on a user, the email OTP auto-enrollment is retained but the email address is removed from AAF. When the email OTP auto-enrollment has no email address, the user is not able to do any of the following things with that enrollment:

1. Test the enrollment in the enrollment portal.
2. See email OTP as an available authentication method in the Windows client, AAF SAML/OSP auth, or AAF portal.

  • The current behavior is somewhat confusing. If the method is auto-enrolled, the user expects it to also be unenrolled when the underlying data is removed.

    It would be nice if it were an option to choose whether or not we want them to unenroll automatically, just as enrollment occurs.