Step 3 — call once /business/2fa/reset/status reports LIVENESS_PASSED. The behaviour depends on the factor the reset was opened for: — totp: any existing TOTP configuration is cleared and a fresh secret and provisioning URI are returned; finish enrollment via /business/resume/setup-two-factor, which marks the reset COMPLETED. — passkey: any existing passkeys are removed and fresh PublicKeyCredentialCreationOptions are returned; finish via /business/passkey/register/complete. — sms: provide the new mobile (countryCode + number); the stored number is updated and the reset is closed in this one call (no additional one-time code is required, as the identity verification check serves as proof of identity). — Completing the reset revokes the business's active SCA sessions and clears any time-bounded lock.