Need to add more than 50 users to MFA exclusion in a resource
I'm creating a resource that will be deployed on all our computers in the domain. The goal is to use authpoint logonapp ONLY when some administrative accounts logs into users' PCs. As far as I understand, the only way to do it is to create a resource with all our non-administrative users in the domain in the MFA exclusion list.
Unfortunately, MFA exclusion list supports max 50 users. I have 650 users in the domain.
Any suggestion on how we could reach our goal?
Thanks in advance
Sign In to comment.
My Advice would be to make two Groups in your LDAP sync something like:
Then you build two Authentication policies: One for "AuthPoint-NoLogonApp" that just has the password box checked (This tells AuthPoint to only require password)
For the other policy (For AuthPoint-LogonApp) do the same thing but enable the MFA options you want (Push and QR Code are advised)
Kaveats about this method:
Also, That config file you are looking at updating isn't for random/mass users... it is for LocalAdministrator accounts (specifically accounts not in AuthPoint) so that you have a way to break-in (that isn't tied to domain or isn't in AuthPoint) if something bricks.
We can wait and see if WG has any other alternatives but that is the way I have had to do it in the past.