This setting allows you to restrict users from re-enrolling, editing, and deleting the enrolled authenticators in the Self-Service and Helpdesk portals and API integrations.
To disable re-enrollment or removal of authenticators, set Disable re-enrollment to ON.
WARNING:If you access the Administration portal with a local user credentials such as local\admin, you might get into a lockout situation. This can happen when the administrator's password expires and it is not possible to change the password. Therefore, to use the Disable re-enrollment option, you must configure the access of a repository account to the Administration portal. To do this:
Add authorized users or a group of users from a repository to the FULL ADMINS role.
Assign chains, which contain methods that are enrolled for users, to the AdminUI event (at a minimum with an LDAP Password method).