Disable Multifactor Authentication

If required, security administrators can disable Multifactor Authentication (MFA) for users. That means, security administrators can determine whether users can sign in using their username and password or do they need to set up MFA. However, this feature is available in environments that are provisioned with release 25C or earlier. For releases 25D and later, MFA is enforced and can't be disabled. 

You can change the MFA settings in the Security Console, at the user category level. 

1. On the User Categories page of Security Console, select a user category.
2. Select Two-Factor Authentication.
3. Select Edit.
4. Deselect Requires MFA and click Save and Close.

If users don't need to sign in using MFA, security administrators can deselect this option to not enforce MFA. 

Steps to enable and configure

You don't have to do anything to enable this feature. 

Access requirements

To manage the MFA settings in Security Console, administrators must be assigned a custom role based on the IT Security Manager role.