diff --git a/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx b/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx
index 396c594e86f6e..bd0291736e037 100644
--- a/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx
+++ b/web/packages/teleport/src/Account/ManageDevices/wizards/AddAuthDeviceWizard.tsx
@@ -38,7 +38,7 @@ import { StepHeader } from 'design/StepSlider';
 import { P } from 'design/Text/Text';
-import auth from 'teleport/services/auth/auth';
+import auth, { MfaChallengeScope } from 'teleport/services/auth/auth';
 import useTeleport from 'teleport/useTeleport';
 import {
@@ -84,7 +84,10 @@ export function AddAuthDeviceWizard({
 const { attempt, clearAttempt, getMfaChallengeOptions, submitWithMfa } =
 useReAuthenticate({
- onAuthenticated: setPrivilegeToken,
+ challengeScope: MfaChallengeScope.MANAGE_DEVICES,
+ onMfaResponse: mfaResponse => {
+ auth.createPrivilegeToken(mfaResponse).then(setPrivilegeToken);
+ },
 });
 // Choose a new device type from the options available for the given 2fa type.
diff --git a/web/packages/teleport/src/Account/ManageDevices/wizards/DeleteAuthDeviceWizard.tsx b/web/packages/teleport/src/Account/ManageDevices/wizards/DeleteAuthDeviceWizard.tsx
index b1bec7b139dad..df51e825c4051 100644
--- a/web/packages/teleport/src/Account/ManageDevices/wizards/DeleteAuthDeviceWizard.tsx
+++ b/web/packages/teleport/src/Account/ManageDevices/wizards/DeleteAuthDeviceWizard.tsx
@@ -42,6 +42,7 @@ import {
 ReauthenticateStep,
 ReauthenticateStepProps,
 } from './ReauthenticateStep';
+import auth, { MfaChallengeScope } from 'teleport/services/auth/auth';
 interface DeleteAuthDeviceWizardProps {
 /** Device to be removed. */
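Review bot: A rejected `auth.createPrivilegeToken(mfaResponse)` is left unhandled in the new `onMfaResponse` callback, which chains only `.then(setPrivilegeToken)`; the hook-side wrapper it replaces ended in `.catch(handleError)`. If the server rejects the MFA response, the wizard presumably stays on the re-authentication step with no error shown. `handleError` is not among the values destructured from `useReAuthenticate` here, so one option is to let the callback return its promise, `onMfaResponse: mfaResponse => auth.createPrivilegeToken(mfaResponse).then(setPrivilegeToken),`, and have `submitWithMfa` (outside this hunk) catch it into `attempt`. The identical callback in DeleteAuthDeviceWizard.tsx (`@@ -60,7 +61,10 @@`) needs the same change. The component body starts and ends outside the hunk.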
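Review bot: The added `import auth, { MfaChallengeScope } from 'teleport/services/auth/auth';` in DeleteAuthDeviceWizard.tsx is placed after the relative `./ReauthenticateStep` import, while AddAuthDeviceWizard.tsx keeps the same import next to `teleport/useTeleport`, above its relative imports. Moving it up into the package-import group keeps the two wizards consistent, and would avoid an import-order lint failure if the project enforces one. The rest of the import block is outside the hunk, so the exact target position should be checked against the file.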
@@ -60,7 +61,10 @@ export function DeleteAuthDeviceWizard({
 const { attempt, clearAttempt, getMfaChallengeOptions, submitWithMfa } =
 useReAuthenticate({
- onAuthenticated: setPrivilegeToken,
+ challengeScope: MfaChallengeScope.MANAGE_DEVICES,
+ onMfaResponse: mfaResponse => {
+ auth.createPrivilegeToken(mfaResponse).then(setPrivilegeToken);
+ },
 });
 const [challengeOptions, getChallengeOptions] = useAsync(async () => {
diff --git a/web/packages/teleport/src/components/ReAuthenticate/useReAuthenticate.ts b/web/packages/teleport/src/components/ReAuthenticate/useReAuthenticate.ts
index 1e7d1337db3f2..7c4b11d132164 100644
--- a/web/packages/teleport/src/components/ReAuthenticate/useReAuthenticate.ts
+++ b/web/packages/teleport/src/components/ReAuthenticate/useReAuthenticate.ts
@@ -30,13 +30,6 @@ import {
 MfaOption,
 } from 'teleport/services/mfa';
-// useReAuthenticate will have different "submit" behaviors depending on:
-// - If prop field `onMfaResponse` is defined, after a user submits, the
-// function `onMfaResponse` is called with the user's MFA response.
-// - If prop field `onAuthenticated` is defined, after a user submits, the
-// user's MFA response are submitted with the request to get a privilege
-// token, and after successfully obtaining the token, the function
-// `onAuthenticated` will be called with this token.
 export default function useReAuthenticate(props: ReauthProps): ReauthState {
 // Note that attempt state "success" is not used or required.
 // After the user submits, the control is passed back
@@ -62,18 +55,6 @@ export default function useReAuthenticate(props: ReauthProps): ReauthState {
 }
 };
- // TODO(Joerger): Replace onAuthenticated with onMfaResponse at call sites (/e).
- if (props.onAuthenticated) {
- // Creating privilege tokens always expects the MANAGE_DEVICES webauthn scope.
- props.challengeScope = MfaChallengeScope.MANAGE_DEVICES;
- props.onMfaResponse = mfaResponse => {
- auth
- .createPrivilegeToken(mfaResponse)
- .then(props.onAuthenticated)
- .catch(handleError);
- };
- }
-
 async function getMfaChallenge() {
 if (challenge) {
 return challenge;
@@ -132,10 +113,8 @@ export default function useReAuthenticate(props: ReauthProps): ReauthState {
 }
 export type ReauthProps = {
- challengeScope?: MfaChallengeScope;
- onMfaResponse?(res: MfaChallengeResponse): void;
- // TODO(Joerger): Remove in favor of onMfaResponse, make onMfaResponse required.
- onAuthenticated?(privilegeTokenId: string): void;
+ challengeScope: MfaChallengeScope;
+ onMfaResponse(res: MfaChallengeResponse): void;
 };
 export type ReauthState = {
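Review bot: Both fields of `ReauthProps` are now required but undocumented, and the header comment that described the submit behaviour is removed in `@@ -30,13 +30,6 @@`, so the hook's contract is written down nowhere. Add TSDoc on each field, for example `/** Scope the MFA challenge is requested for, e.g. MANAGE_DEVICES when the response is used to create a privilege token. */` on `challengeScope` and `/** Called with the user's MFA response after submit; failures of whatever the caller does with it are the caller's to handle. */` on `onMfaResponse`. The second comment matters because the wrapper removed in `@@ -62,18 +55,6 @@` was the only visible place that routed a failed privilege-token request to `handleError`. The `ReauthProps` body is fully inside the hunk; `ReauthState` continues outside it.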