Previous page

Next page

Locate page in Contents

Configuring Exclusion Rules

When configuring multi-factor authentication, you have the ability to create exclusion rules to allow some users to be exempt from multi-factor authentication enforcement. To specify exclusion rules, select the Connection category and then select the Multi-factor authentication tab in the right pane. The types of exclusion rules that can be configured are described below.

Exclude users or groups

  1. Select the User or group exclude list option and click Configure.
  2. In the dialog that opens, click Tasks > Add.
  3. Select the required location and enter a user or group name in the UPN format (username@domain.com).
  4. Click OK.

When you enable the user or group exclusion option, please note the following:

  • For users to connect, the Force clients to use NetBIOS credentials option must be disabled (the option is located in Connection > Authentication). Users must log in using their names in the UPN format (username@domain.com).
  • The exclusion requires a domain environment and doesn't work in Workgroup.
  • Group nesting is not supported when configuring an exclusion.

Exclude client IP addresses

  1. Select the Client IP exclude lit option and click Configure.
  2. In the dialog that opens, click Tasks > Add in the desired section (IPv4 or IPv6).
  3. Specify a single IP address or a range of addresses.
  4. Click OK.

Exclude client MAC addresses

  1. Select the Client MAC exclude list option and click Configure.
  2. In the dialog that opens, click Tasks > Add.
  3. Select a client MAC address from the list. You can also specify a MAC address range using a double question mark as a wildcard in any part of the address. For example, 00-14-22-01-23-??, 00-14-22-01-??-??, or 00-14-22-??-??-??.

Exclude gateway IP addresses

  1. Select the Connection to the following Gateway IPs option.
  2. In the field below the checkbox, type a gateway IP address or expand the drop-down list and select one or more IP addresses (if available). Click the plus sign icon to add the available gateways to the list.
  3. Click OK to save the selection and close the dialog. The IP addresses will appear in the Connection to the following Gateway IPs edit box.