Specify whether multi-factor authentication is Enabled for a classic zone or an Auto Zone. If you enable this policy, you can specify which Active Directory users and groups require multi-factor authentication to log on to their computers or to use privileged commands using the following group policies:
- Specify AD users that require multi-factor authentication
- Specify AD groups that require multi-factor authentication
This policy does not affect multi-factor authentication settings in hierarchical zones.
Before enabling this policy, you should be aware that multi-factor authentication relies on the infrastructure provided by the Centrify identity platform and the cloud-based Centrify identity service.
Muti-factor authentication is disabled by default.
This group policy modifies the
adclient.legacyzone.mfa.enabled configuration parameter in the agent configuration file.
Note that on computers running Centrify Express agents, you must set this policy using the configuration parameter. Group policies are not supported for Express agents.