Don't ask for 2FA for local account

Hello, I've set up multiOTP in a domain environment, and everything is working as expected. But on every computer I have one localadmin account. The password of this account changes every 30 days automatically. But when I try to log in with the local account, I am asked for the second factor. During the installation process I selected "Disable 2FA prompt for multiOTP without 2FA users". The account name does not exist in the domain. I've tried ".\username" and "username@computername". In both cases I am asked for the second factor. Is there a way to get access with the local account and without a second factor? Thanks

Comments

  • Hello, in order for multiOTP to know that the user must not enter a 2FA, you need to create it in your multiOTP user list. Then in the "Assigned Token" section, select "Software", then choose WITHOUT2FA. Please make sure you have the latest version of the credential provider and also make sure your multiOTP server is up to date. We also would like to strongly advise you to keep 2FA for all admin accounts. Best regards, Yann
  • OK, two more questions, just to understand it correctly. I just have to add the account of the localadmin to the server and assign the token? That's it? Then I can mix AD and local accounts? If I log in with the localadmin account, it will cache the credentials on the computer. After changing the password of this account, am I still able to log in without a connection to the multiOTP server? Thanks
  • Hello, yes, just create a user with a software token "Without2FA". Yes, you can mix AD and local accounts as long as they do not have the same name. When a user has "Without2FA" as a token, multiOTP doesn't make any verification. It just replies "user without 2FA" and the credential provider considers this a successful MFA login. Best regards.