Disabling Mandatory Two-Factor Authentication
The steps below will help you, as a customer admin, disable mandatory two-factor authentication (2FA) for all or some of your domains and users. When you disable enforced 2FA on the customer level, then all admins on the customer level, their domains and users inherit this setting. Be aware that domain admins can modify the enforced 2FA setting.
Disabling enforced 2FA means that 2FA becomes optional for users when they log in.
Go to Settings > Two Factor Authentication, where the All Domains table displays a list of your domains and their Enforced 2FA status.
Use the Search field to locate a specific domain.
Select the column
icon to add or remove columns from the table.
You can disable mandatory 2FA for all of your domains at once or select specific domains from the list. The steps below explain both options.
Optional 2FA for All Domains
If the Mandatory two-factor authentication for: Customer Name is enabled, then it means that users in your domains must use 2FA when logging in.
To disable mandatory 2FA for all of your domains and make it optional, turn the Mandatory two-factor authentication for: Customer Name toggle off.
You'll be prompted in the pop-up window to confirm your action. Select Continue.
You'll see that the All Domains table has been updated to show Enforced 2FA is Off for every domain.
Optional 2FA for Selected Domains
To disable mandatory 2FA for specific domains, select the checkbox(es) for the domain(s) and from the Actions dropdown menu, select Disable 2FA.
You'll be prompted in the pop-up window to confirm your action. Select Disable.
You'll see that the All Domains table has been updated to show Enforced 2FA is Off for the domains(s).
Now that you've made 2FA optional for some or all domains, you may want to make it mandatory for certain users within those domains. See 2FA for Users for further details.