Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 1158 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to temporarily disable 2FA requirement for one user?

LHerzog

Hi,

in case a user forgot the token generator  / smartphone at home.

Is there a better way than to remove a user from Authentication / Multi-factor authentication (MFA) settings?

Imagine you set

One-time password (OTP)
required for: All users
What do you do when CEO calls you (and you know it's him) and asks for temporary exception?
Other case:
When you set it for a specific group and now one user from that group needs to be excluded?
You would need to remove the group from the settings, add all users as single user object again and except that one user.
At first I was hoping toggling a MFA Token on and of at the individual user would help but it just disables that token so the user cannot login at all.
But such an option would meet my requirement exactly.


This thread was automatically locked due to age.
Parents
  • +1

    Hello ,

    Thank you for reaching out to the community, I can see you have added a list of users and groups and if that person belongs to any specific group which is mentioned in 2FA users & groups section you can simply either remove it from the group if he/she belongs to that group or if an individual user is present then you can remove that user and also you can toggle of the status or delete the token completely !! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi Vivek,

    Thank you for your fast reply. So in case we have set it to All users - then there is no chance.

    But in case we have groups, we can exclude the user from the group. But that would require a special group for 2FA. The group should not be used for other firewall permissions like VPN or FW Rules with user authentication.

    We'll think about that additional group.

  • 0 in reply to LHerzog

    Yup, that's right !!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data
Unfiltered HTML