Symptoms
- An administrator excluded a user/group from MFA
- Excluded users are still prompted to fill OTP
Cause
Misconfiguration
Resolution
When you enable the user or group exclusion, please note the following:
- For users to connect, the Force clients to use NetBIOS credentials option must be disabled (the option is located in Connection > Authentication).
- On the Parallels Client Use Pre Windows 2000 login format should be unchecked (the option is located in Connection Properties > Advanced Settings)
- End users must then log in using their names in the UPN format (username@domain.com).
- If there is an alternative UPN suffix configured for the user, it must be used instead of the domain name:
In the example above the domain name is "ras.sup.lab" but the user must login as "ras01@example.org"; - The exclusion requires a domain environment and doesn't work in Workgroup.
- Group nesting is not supported when configuring an exclusion.
Was this article helpful?
Tell us how we can improve it.