Our Commvault users are given access via an AD user group.
That AD user group is set to have MFA enabled and therefor all our users make an MFA enabled login.
In our domain there is also a user group for MFA excepted users.
So now I would like to leave MFA enabled for the users that have commvault access (the commvault user group)
But disable MFA for the commvault users that are also in the MFA disabled group.
Is this possible?
Hi
Since the MFA is enabled at group level the changes gets applied to all users within the group.
In this situation we may have separate the users who don't need MFA and disable MFA under the group level to achieve the requirement.
We created an AD group for MFA users (the reverse of the non-MFA group) and this indeed solves the issue.
I added the AD group for all MFA users and configured in Commvault to force MFA to those users.
So the users that have access via the commvault user group and are in the MFA group will need MFA.
The users that are in the commvault user group but not in the MFA ad group (because they are in the non-MFA group) don’t get an MFA login.
I assume that commvault local users won’t get an MFA either. I don’t use those, but for security purposes I might still search for a way to force it for future local users.
Yes the local users cannot use MFA since they don't reach AD for authentication and the request gets solved locally at commserve DB
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.