Currently if a Privacy Idea Authenticator token has been deleted directly from the Privacy Idea UI, an error is thrown when you try to delete that authenticator token from a CO Person record in Registry ( and therefore you cannot delete the authenticator token).  Instead, Registry should probably just mark that authenticator token as deleted in the database so that it will not be shown in association with the CO Person record, and give a warning that it was unable to find that authenticator token in the Privacy Idea database.