1. Options for Receiving One-Time Codes: Typically, if users have enabled authenticator as an optional factor, they should still be able to receive one-time codes via email, especially if email is set as a mandatory factor. Users may have the option to choose between receiving the one-time code via email or using their authenticator app. However, this specific configuration might depend on how MFA is implemented and configured in your ServiceNow instance. It's advisable to check the specific settings and configurations within your ServiceNow environment to confirm this behavior.

2. Self-Service Reset for Authenticator Validation: Whether users can reset authenticator validation as a self-service action or if it requires system administrator intervention depends on the configuration and policies set up in your ServiceNow instance. ServiceNow typically provides flexibility in configuring self-service options for users, including resetting MFA factors like authenticator validation. This can usually be configured based on your organization's security policies and requirements. You can check the ServiceNow documentation or consult with your ServiceNow administrator to understand how self-service reset for authenticator validation can be configured in your environment.

For both questions, it's essential to review your organization's specific configurations and policies within ServiceNow, as these capabilities can be tailored to meet your organization's security and usability needs.