Hi @kack l
As the label of the table suggests, this table sys_user_multi_factor_setup stores the recent used factors of the users which are logging using MFA.
Ex 1: If user abel.tuter logs in with 3 factors, i.e. TOTP, Email and SMS, then there will be 3 entries created with combination of user vs factor. Also, one of these factors will be marked as the recent used factor so that when abel.tuter logs in next time, its directly taken to the recent used factor.
Ex 2: If user abraham.lincoln logs in with only 1 factor, i.e. Email, then it will have only one entry and that will be the recent used factor.
So answer to your question is Yes, it will store SMS along with other factor entries as well if user has setup/used other factors also to login in the past (upgrade cases may differe).
I didnt get the second part of the question here. If you are referring to delete the SMS factor entry from this table, you can delete it. But, it will be created again the user logs in with SMS factor next time.
If you want the users to not be able to see the SMS as MFA factor, you can refer to the below docs to set the MFA Factor policy accordingly.
https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/authentication/task...
FYI, Servicenow doesn't provide the OOB SMS integrations, and we ask customers to use the third part services like twilio for using SMS as a MFA Factor, so we dont actually store the OTP sent via the SMS.
Let us know if this answered your query.
Thanks!
