Specify programs for which multi-factor authentication is ignored

This policy lists PAM applications for which multi-factor authentication should be ignored. For example, if you have a role with the login-all PAM application right and have selected the "Multi-factor authentication required" system right, you can use this group policy to bypass multi-factor authentication for programs that don't support it. You can also add program names to this list to skip multi-factor authentication when you want to make specific exceptions to the MFA requirement.

By default, programs which are known to be unable to support multi-factor authentication are included in the list.
This group policy modifies the pam.mfa.program.ignore setting in the Centrify DirectControl configuration file.

Supported on:

Exclude the following credential providers. Enter the comma-separated CLSIDs for multiple credential providers to be excluded from use during logon.

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Pam
Value Name
Value TypeREG_DWORD
Default Value{60b78e88-ead8-445c-9cfd-0b87f74ea6cd},{6f45dc1e-5384-457a-bc13-2cd81b0d28ed},{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)