If a user needs their MFA reset for your organization Dispel will follow the process outlined in this document to verify a request to reset a user's MFA.
All requests must be verified with an administrator over the requesting user.
For example, if a user at Facility A requests that their MFA be reset, then an admin over Facility A (a facility admin, region admin, or organization admin) must verify and approve the request.
Should an administrator need their MFA reset, then another administrator of equal or higher privilege must verify and approve the request.
In a circumstance where an administrator is requesting an MFA reset, and no other administrators are available to verify, then a Dispel employee with a direct relationship with the requester may verify their request via voice chat.
All requests must be validated over 2 distinct communication methods.
For example, if a user requests an MFA reset through an intercom ticket, then the Dispel employee may reach out over email to the involved parties to verify the request.
In cases that are not covered by steps outlined above, an organization admin will need to verify and approve the request, and the main point of contact for the organization (often the same person who is approving the request) will be notified by Dispel.
Should any organization desire a deviation from these standards they can be communicated to their Dispel point of contact and Dispel will honor the organization's standards of verification for requests from that organization.