Disabling Mandatory Two-Factor Authentication
The steps below will help you, as an MSP, disable mandatory two-factor authentication (2FA) for all or some of your customers, their domains and users. When you disable enforced 2FA on the MSP level, then all admins on the MSP level, their customers, domains and users inherit this setting. Be aware that customer and domain admins can modify the enforced 2FA setting.
Disabling enforced 2FA means that 2FA becomes optional for users when they log in.
Go to Settings > Two Factor Authentication, where the All Customers table displays a list of your customers and their Enforced 2FA status.
Use the Search field to locate a specific customer.
Select the column
icon to add or remove columns from the table.
You can disable mandatory 2FA for all of your customers at once or select specific customers from the list. The steps below explain both options.
Optional 2FA for All Customers
To disable mandatory 2FA for all of your customers and make it optional, turn the Mandatory two-factor authentication for: MSP Name toggle off.
You'll be prompted in the pop-up window to confirm your action. Select Continue.
You'll see that the All Customers table has been updated to show Enforced 2FA is Off for every customer.
Optional 2FA for Selected Customers
To disable mandatory 2FA for specific customers, select the checkbox(es) for the customer(s) and from the Actions dropdown menu, select Disable 2FA.
You'll be prompted in the pop-up window to confirm your action. Select Disable.
You'll see that the All Customers table has been updated to show Enforced 2FA is Off for the customer(s).
Now that you've made 2FA optional for some or all customers, you may want to make it mandatory for specific domains or users within those domains. See 2FA for Domains and Users for further details.