How can I bypass MFA in SailPoint IDN for admins?

We have a generic flat file source for IDN admins, which has MFA by default.

We have a requirement where an admin can bypass the MFA for logging into SailPoint IDN. Is it possible? If yes, could anyone please help me with the steps for doing that?


MFA behavior in IDN is controlled by the Identity Security login policy, and exceptions can be configured via policy conditions.

Steps to configure MFA bypass:

  1. Go to Admin → Identity Security Settings → Login Policy.
  2. Edit the login policy where MFA is enforced.
  3. Add a condition based on user attributes (e.g., a specific identity attribute like title, department, or a custom attribute).
  4. Set the condition to bypass MFA for users matching that condition.
  5. Save and test with a non-critical account first.

Could you please elaborate in detail? Where can I configure this, and how?

@akumar58

Admin → Identity Profiles → Select IP (Associated to IDN Admins Source) → Settings → Sign-in Method → Uncheck Multifactor Authentication


Hi @akumar58, as we know, MFA is mandatory for any elevated accounts and cannot be bypassed, even if the “Multifactor Authentication” option in the Identity Profile is disabled/unchecked.

However, if the IdP is enabled for your tenant and you log in through SSO, that will count as your MFA, and the additional authentication through an external authenticator (TOTP) will be skipped (as you log in through SSO).

For more info, please refer to the replies in this post:


This response is completely unrelated to SailPoint ISC and looks to be an AI-generated reply.


Hey @akumar58,

As soon as your user level is changed to Admins, MFA is enforced, and for now, as per my testing (besides devrel, I have tested it on actual client sandbox, QA, staging and prod environments; I tested this in December 2024), we cannot skip the MFA check. This is to avoid accidental changes to the configuration, or the chance that a backdoor access is introduced and that access leads to irrecoverable damage.

Regards,
Aman

Interesting perspective on MFA behavior in ISC!

Just a quick clarification—Identity Security Settings → Login Policy isn’t actually a configurable option within ISC. MFA is instead managed through Identity Profile, where the Sign-in method must be explicitly enabled or disabled.

It’s always helpful to cross-check terminology across different platforms to ensure alignment with actual configuration workflows. Appreciate the discussion!

Regards,
Aman
