Configuring MFA exceptions

Multi-factor authentication (MFA) can be enabled or disabled for all user connections, but you can configure exceptions for specific connections.

To enable or disable MFA for all users:

1. First, select from the following two options:
   • Enable MFA for all users except
   • Disable MFA for all users except
2. In the Restriction section, specify exceptions from the common rule you selected above by selecting and configuring one of the options described below.

User or group list

Specify users or group names to be excluded from the common rule. Names must be entered in UPN format (username@domain.com).

Please note the following:

• For users to connect, the Force clients to use NetBIOS credentials option must be disabled (the option is located in Connection > Authentication). Users must log in using their names in UPN format (username@domain.com).
• The exclusion requires a domain environment and doesn't work in Workgroup.
• Group nesting is not supported when configuring an exclusion.

Client IP list

Specify a single IP address or a range of addresses to be excluded from the common rule.

Client MAC list

Specify MAC addresses. You can specify a MAC address range using a double question mark as a wildcard in any part of the address. For example, 00-14-22-01-23-??, 00-14-22-01-??-??, or 00-14-22-??-??-??.

Connection to the following Gateway IPs

Specify Gateway IP addresses. Users connecting through these addresses will be excluded from the common rule.