Newer Version Available

This content describes an older version of this product. View Latest

Removing or Resetting Time-Based Token Keys

Only one time-based token can be stored on a user’s account. The user must use the authenticator app on the same mobile device to retrieve the token. If a user can’t access the mobile authenticator app used to add the time-based token, administrators can remove the key used to generate the token to deactivate it.
Available in: All Editions

For example, if a user lost the mobile device used to add a time-based token, the existing key must be removed before adding a replacement device.

If the user has the “Two-Factor Authentication for User Interface Logins” permission, he or she must add a new token when next logging into Salesforce.

Note

Users can also remove their key from the user detail page if they can access their account.

Click Remove next to Time-Based Token from the user detail page.