The Privileged Access Service looks into the user’s Active Directory/LDAP or Centrify Directory account for the mobile phone number or email address used for multifactor authentication. Normally, users without a mobile phone number or email address cannot log into Centrify Connector when you enable authentication policy controls.
To exempt users from multifactor authentication when their account does not have a mobile phone number and email address:
- Log in to the Admin Portal.
- Click Access > Policies.
- Select the relevant policy or create a new one.
- Click Login Polices > Centrify Services.
- Enable the Allow users without a valid authentication factor to log in setting in the Other Settings section.
- Click Save.