Currently, only the user can manage the user-enrolled methods for MFA. If a user were to only choose Authenticator/IBM Verify as their authentication method, and lose their device, they are essentially locked out of the system.
An administrator or ISIM cannot go in to remove or input a new recovery method for the user. The only option is to delete the user account and recreate it. This has downstream impacts.
Administrators should have the ability to manage the user's attributes and recovery options. Especially in "break the glass" scenarios.
Do not place IBM confidential, company confidential, or personal information into any field.