Configure multi-factor authentication for logon when the agent cannot connect to the Platform

Enable this policy to configure offline multi-factor authentication for users that are required to use multi-factor authentication to log on, in the event that the agent cannot connect to the Centrify Authentication Server.

If this policy is disabled or not configured, the default is "If an offline passcode is set up, prompt for offline MFA. Otherwise, allow the user to proceed and remind them to set up the offline passcode."

Supported on:

When MFA is required for logon but the machine is offline:


  1. If an offline passcode is set up, prompt for offline MFA. Otherwise, don't allow to proceed.
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Centrify\DirectAuthorize\Agent
    Value NameOfflineMfaMode
    Value TypeREG_SZ
    ValueEnforced
  2. If an offline passcode is set up, prompt for offline MFA. Otherwise, allow the user to proceed and remind them to set up the offline passcode.
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Centrify\DirectAuthorize\Agent
    Value NameOfflineMfaMode
    Value TypeREG_SZ
    ValueOptional
  3. Allow to proceed. Don't prompt for offline MFA.
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Centrify\DirectAuthorize\Agent
    Value NameOfflineMfaMode
    Value TypeREG_SZ
    ValueDisabled


centrify_windows_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)