Deletes a registered authenticator for a user
This step removes a specific authenticator registration from the user's profile in Mosaic. It can be used to delete authenticators such as passwords, passkeys, TOTP, mobile biometrics, face authentication, and PIN codes (This functionality is being gradually rolled out across regions and tenants). OTP authenticators cannot be deleted using this step. This step only removes the authenticator record in Mosaic—for device-bound authenticators (such as passkeys, mobile biometrics, or PIN codes), the local key on the user's device is not affected.
The authenticator to delete is identified by its authenticator ID, which can be retrieved using the "User Authenticators: User authenticators API" step. If the step completes successfully, the authenticator is removed from the user's profile and the journey continues to the next step. If it fails, the journey proceeds to a failure branch (if one is specified); otherwise, the journey is aborted and an error is sent to the client.
This step replaces the Delete Mobile Biometrics and Delete Mobile PIN steps, which are now deprecated.
| Field | Description |
|---|---|
| User auth state | Indicates if the user has authenticated in this journey. If the user is authenticated (default), the user context is provided implicitly by the journey. If not, a user identifier must be configured. |
| Identifiers | Only configured if the journey doesn't authenticate the user before invoking this step. Can be an external user ID, email, phone number, username, or a custom identifier, if configured for B2C users in your tenant. |
| Authenticator ID | ID of the authenticator to delete, specified as an expression. Can be retrieved using the "User Authenticators: User authenticators API" step or the User Authenticators API. |
| Error output variable | Name of the variable that stores any errors returned by the step. |
| Failure behavior | Determines the behavior in case of failure, which either aborts the journey or proceeds to a failure branch of the control flow (default). |
This step can be configured to record step input and output data, or a custom payload, which is then surfaced in journey events in Journey Analytics for diagnostic purposes. For details, see Additional data reporting.