Can an MSP log in to a user account on a PC that has MFA enabled?
My clients have PCs that are Azure AD joined and all the PCs have AuthPoint installed. So as an example, Mary has a login of mary@company.com with a password and after she enters her password, she must authenticate with AuthPoint then she can access her user account, desktop, files, etc.
Often, I need to log on to a user's PC to do service work to their specific user account. Attempting to sign in to Mary's account will send her an MFA notification. User inheritance is great for when I need to sign in to the server, for example, but what about when a service provider needs to access a specific user account?
Answers
Hi @TwinRiversTech
AuthPoint isn't specifically designed to allow you to access someone else's account.
- If you are an admin, you can use the lost token function to disable MFA for a short period of time. You will need to know the user's password in order to do this.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/forgot_authenticator.html
- You can generate an additional token and assign it to that user's account for the duration you're working with that user's account.
Personally, I would simply suggest you have the user present while you are working with their account if possible, as that shields you from any accusations/liability that you did something/accessed something with their account.
-James Carson
WatchGuard Customer Support