This policy lists PAM applications for which multi-factor authentication should be ignored. For example, if you have a role with the login-all PAM application right and have selected the "Multi-factor authentication required" system right, you can use this group policy to bypass multi-factor authentication for programs that don't support it. You can also add program names to this list to skip multi-factor authentication when you want to make specific exceptions to the MFA requirement.
By default, programs which are known to be unable to support multi-factor authentication are included in the list.
This group policy modifies the pam.mfa.program.ignore setting in the Centrify DirectControl configuration file.