Symantec Access Management

Hi use CA Advanced authentication.
I've a profile with AOTP_MOBILEAPP as 2nd factor. I did the enrollment with 3 different accounts and it worked. (enroll and auth)

Now I don't have that smartphone anymore and I would like to do the re-enrollment.

How can I do ?

From admin console I tried to delete the device on the users to whom a profile with both OTP & PUSH was associated.
When I enter a PUSH protected application it makes me do the enrollment.
But when I enter an application protected by OTP, it keeps asking me for the OTP.

How can I force enrollment for a user? Or how can I make strong auth forget that user ?

is safe delete ROW for that users from ARWFARCOTOTP table ?

Thaks in advance!

Original Message:
Sent: 08-05-2020 06:36 AM
From: Marco Trucillo
Subject: Advance Auth - CA OTP mobile - How to force re-enrollment of a user ?


Hi use CA Advanced authentication.
I've a profile with AOTP_MOBILEAPP as 2nd factor. I did the enrollment with 3 different accounts and it worked. (enroll and auth)

Now I don't have that smartphone anymore and I would like to do the re-enrollment.

How can I do ?

From admin console I tried to delete the device on the users to whom a profile with both OTP & PUSH was associated.
When I enter a PUSH protected application it makes me do the enrollment.
But when I enter an application protected by OTP, it keeps asking me for the OTP.

How can I force enrollment for a user? Or how can I make strong auth forget that user ?

Hi Marco,

This is not something we recommend but as this is just for test purpose you can delete the record from the ARWFARCOTOTP table, you need to find the USERREFID from arudsuser table and then reference that in ARCWFARCOTOTP table so only that record is touched. This will allow you to do the re-enrollment.
Let us know if you need anything further on this.
Original Message:
Sent: 08-05-2020 09:40 AM
From: Marco Trucillo
Subject: Advance Auth - CA OTP mobile - How to force re-enrollment of a user ?

is safe delete ROW for that users from ARWFARCOTOTP table ?

Thaks in advance!

Original Message:
Sent: 08-05-2020 06:36 AM
From: Marco Trucillo
Subject: Advance Auth - CA OTP mobile - How to force re-enrollment of a user ?


Hi use CA Advanced authentication.
I've a profile with AOTP_MOBILEAPP as 2nd factor. I did the enrollment with 3 different accounts and it worked. (enroll and auth)

Now I don't have that smartphone anymore and I would like to do the re-enrollment.

How can I do ?

From admin console I tried to delete the device on the users to whom a profile with both OTP & PUSH was associated.
When I enter a PUSH protected application it makes me do the enrollment.
But when I enter an application protected by OTP, it keeps asking me for the OTP.

How can I force enrollment for a user? Or how can I make strong auth forget that user ?

if I delete the rows related to the user, it works. But I hoped there was a "better" way
Original Message:
Sent: 08-06-2020 08:57 AM
From: Namish Tiwari
Subject: Advance Auth - CA OTP mobile - How to force re-enrollment of a user ?

Hi Marco,

This is not something we recommend but as this is just for test purpose you can delete the record from the ARWFARCOTOTP table, you need to find the USERREFID from arudsuser table and then reference that in ARCWFARCOTOTP table so only that record is touched. This will allow you to do the re-enrollment.
Let us know if you need anything further on this.
Original Message:
Sent: 08-05-2020 09:40 AM
From: Marco Trucillo
Subject: Advance Auth - CA OTP mobile - How to force re-enrollment of a user ?

is safe delete ROW for that users from ARWFARCOTOTP table ?

Thaks in advance!

Original Message:
Sent: 08-05-2020 06:36 AM
From: Marco Trucillo
Subject: Advance Auth - CA OTP mobile - How to force re-enrollment of a user ?


Hi use CA Advanced authentication.
I've a profile with AOTP_MOBILEAPP as 2nd factor. I did the enrollment with 3 different accounts and it worked. (enroll and auth)

Now I don't have that smartphone anymore and I would like to do the re-enrollment.

How can I do ?

From admin console I tried to delete the device on the users to whom a profile with both OTP & PUSH was associated.
When I enter a PUSH protected application it makes me do the enrollment.
But when I enter an application protected by OTP, it keeps asking me for the OTP.

How can I force enrollment for a user? Or how can I make strong auth forget that user ?