Hi,
Is there any way in which we can exclude all the users part of a particular domain(say @xyz.com) from app sign-on policies for MFA at once? Instead of manually entering each user of that particular domain one by one.
Thanks
Hello,
The best way I know to accomplish this would be,
- create a group for all of these users
- setup a group rule for users whose email contains the domain and add them to the group
- add the group to the application sign on policy and deny access
But this step also requires manually adding users to the group right?
Group Rules add users to a group automatically based off of your defined criteria
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-rules.htm
will check it out, thanks for the quick response!
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.