Bypass MFA for a specific user
You can bypass multi-factor authentication (MFA) for a specific user for a specific duration. This suspends the requirement for a user to authenticate using their secondary authentication method for the specified amount of time.
Steps
-
In the PingOne admin console, go to Directory > Users and browse or search for the user that you want to edit.
-
Click the user entry to open the user details panel.
-
Click the Services > Authentication tab.
-
To bypass MFA for single sign-on (SSO), in the Multi-Factor Authentication section, click Allow MFA bypass, and then in the Bypass modal, select the bypass duration and click Bypass.
The bypass time remaining and a Resume link are shown. Click Resume to resume MFA for the selected user.
-
(Workforce only) To bypass MFA for a specific service, in the Integrations section, next to the relevant service, click the More Options (⋮) icon and then select Disable or Bypass. Bypassing a service suspends the need for a user to authenticate using the secondary authentication method for a specified amount of time.
Audit events for bypassing a non-SSO service are only logged in the legacy PingID admin portal PingID report, and appear in the format
{service-name} bypass