Configure MFA exceptions

Multi-factor authentication (MFA) can be enabled or disabled for all user connections, but you can configure exceptions for specific connections.

To enable or disable MFA for all users:

1. First, select from the following two options:
   • Enable multi-factor authentication for all user connections
   • Disable multi-factor authentication for all user connections
2. In the Connection navigation bar, specify exceptions from the common rule you selected above by selecting and configuring one of the options described below.

User and Group exceptions

Specify users or group names to be excluded from the common rule. Names must be entered in UPN format (username@domain.com).

Please note the following:

• For users to connect, the Force Clients to use NetBIOS credentials option must be disabled (the option is located in Connection > Authentication). Users must log in using their names in UPN format (username@domain.com).
• The exclusion requires a domain environment and doesn't work in Workgroup.
• Group nesting is not supported when configuring an exclusion.

Gateway exceptions

Specify Gateway IP addresses. Users connecting through these addresses will be excluded from the common rule.

IP exceptions

Specify a single IP address or a range of addresses to be excluded from the common rule.

MAC exceptions

Specify MAC addresses. You can specify a MAC address range using a double question mark as a wildcard in any part of the address. For example, 00-14-22-01-23-??, 00-14-22-01-??-??, or 00-14-22-??-??-??.