If necessary, you can exempt certain users from the two-factor authentication (2FA) process. Exemptions are issued by credential, meaning you can require a user to utilize two-factor authentication with one specific credential but not another. For example, you may want your users to utilize 2FA with their physical keycards but not with their Sequr mobile keys. Follow the steps below to exempt a user from the 2FA process.
1) Navigate to the profile of the user that you would like to exempt from the 2FA process.
2) Under the user's 'Keys' section, click on the specific key that you would like to exempt from the 2FA process.
3) To exempt the user's key from the 2FA process, check the 'PIN exempt' box.
When the box is filled, the user's key will be exempt from the 2FA process. This means that on any 2FA enabled readers, the user will not be required to use both their credential and PIN in order to gain access to the property.
When the box is not filled, the user will not be 2FA exempt. This means that on any 2FA enabled readers, the user will be required to use both their credential and PIN in order to gain access to the property.
4) Press the 'Save' button to exempt the user's key from the 2FA process.
If a user has multiple credentials and you've only granted exemptions for some but not all of their credentials, then the user will have to utilize 2FA for any nonexempt keys in their possession.
IMPORTANT NOTE: At this time by default, mobile keys will automatically be exempt from the 2FA process. If you would like your users' mobile keys to be automatically nonexempt, please contact firstname.lastname@example.org for assistance.
If you have any questions or would like to learn more about two-factor authentication exemptions, please send inquiries to email@example.com.