[keycloak-user] Keycloak -2FA Token Reset

Hi, I’m helping my organisation to build and portal framework and one of the module is user login where Keycloak is being used as IDAM. One of the feature which we have enabled is 2 factor authentication and I’ve requirement to allow user to reset their 2FA token but my understanding from reading few blogs is that it is only possible via forgotten password flow. Is my understanding correct or I’m missing something? Could you please advise. One of the other team is using WS02 as API manager and there’s option where if user need to reset token then admin can delete secret key from user’s profile which will then prompt user to rescan a new code on attempt to login. If Keycloak doesn’t have out of the box feature, can similar steps be done in Keycloak to reset token? Regards Sandeep