diff --git a/backend/areas/users/user_service.py b/backend/areas/users/user_service.py
index ebb965a1b494d2d8d559c21d477e0307bb442f56..d899e3ea5de3150f79e6387106340160462aa790 100644
--- a/backend/areas/users/user_service.py
+++ b/backend/areas/users/user_service.py
@@ -91,6 +91,10 @@ class UserService:
 
         return UserService.get_user(res["id"])
 
+    @staticmethod
+    def reset_2fa(id):
+        KratosApi.delete("/admin/identities/{}/credentials/totp".format(id))
+
 
     @staticmethod
     def __start_recovery_flow(email):
diff --git a/backend/areas/users/users.py b/backend/areas/users/users.py
index a00e7d14671a0911c9064a990367f910529e9be6..424affdde12897d9c628362b8629c302964c999d 100644
--- a/backend/areas/users/users.py
+++ b/backend/areas/users/users.py
@@ -36,6 +36,14 @@ def get_user_recovery(id):
     res = UserService.create_recovery_link(id)
     return jsonify(res)
 
+@api_v1.route("/users/<string:id>/reset_2fa", methods=["POST"])
+@jwt_required()
+@cross_origin()
+@admin_required()
+def reset_2fa(id):
+    res = UserService.reset_2fa(id)
+    return jsonify(res)
+
 @api_v1.route("/users", methods=["POST"])
 @jwt_required()
 @cross_origin()
diff --git a/backend/cliapp/cliapp/cli.py b/backend/cliapp/cliapp/cli.py
index 4c8305c562e0168862a8be7b68957959cbb61e31..fca212ce1b93ad49eb589d78da562e067c6cd4bb 100644
--- a/backend/cliapp/cliapp/cli.py
+++ b/backend/cliapp/cliapp/cli.py
@@ -17,8 +17,9 @@ from sqlalchemy import func
 from config import HYDRA_ADMIN_URL, KRATOS_ADMIN_URL, KRATOS_PUBLIC_URL
 from helpers import KratosUser
 from cliapp import cli
-from areas.roles import Role
 from areas.apps import AppRole, App
+from areas.roles import Role
+from areas.users import UserService
 from database import db
 
 # APIs
@@ -400,4 +401,22 @@ def recover_user(email):
         current_app.logger.error(f"Error while getting reset link: {error}")
 
 
+@user_cli.command("reset_2fa")
+@click.argument("email")
+def reset_2fa(email):
+    """Remove configured second factor for a user.
+    :param email: Email address of the user
+    """
+
+    current_app.logger.info(f"Removing second factor for user: {email}")
+
+    try:
+        # Get the ID of the user
+        kratos_user = KratosUser.find_by_email(kratos_identity_api, email)
+        # Get a recovery URL
+        UserService.reset_2fa(kratos_user.uuid)
+    except Exception as error:  # pylint: disable=broad-except
+        current_app.logger.error(f"Error while removing second factor: {error}")
+
+
 cli.cli.add_command(user_cli)