Bypass MFA

How to bypass MFA for users when they are within the corporate network or on a managed device.

MFA is optional but strongly recommended for organizations. Under certain conditions, organizations may choose to bypass the default multi-factor authentication behavior. Akamai provides customers with configuration options that allow an administrator to bypass its MFA capabilities in the following circumstances:

Use bypass MFA only if you understand the risks and agree to assume responsibility for them.

Bypass MFA applies only to MFA factors such as SMS, Email, TOTP, and DUO. It does not apply to certificate-based authentication of the IdP. Bypass MFA cannot be used with PCI DSS MFA.

The workflow is:

STEP 1: If you’ve configured an MFA policy in an Akamai identity provider (IdP), also add one or more bypass MFA criteria in the IdP. By default, the bypass MFA criteria apply to all applications that use this IdP.

STEP 2: Use the identity provider as the authentication source for the application for which you want to bypass MFA. Assign the directory that the user belongs to to this identity provider.

STEP 3: When the user accesses the application or the identity provider and the bypass criteria are met, the user is not prompted for MFA. If any of the bypass MFA criteria is not met, the user is prompted for MFA.
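The decision in STEP 3, combined with the scope limits stated above, modeled as an added example for reviewing a planned bypass policy; it is not Akamai's code or configuration schema. The class names, field names, the two criterion types (source network, managed device) and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Factors the page lists as bypassable; certificate-based authentication is not.
BYPASSABLE_FACTORS = {"sms", "email", "totp", "duo"}

@dataclass(frozen=True)
class BypassPolicy:  # hypothetical model, not Akamai's configuration schema
    corporate_cidrs: tuple = ()            # assumed criterion: source network
    require_managed_device: bool = False   # assumed criterion: device posture
    pci_dss_mfa: bool = False              # bypass cannot be used with PCI DSS MFA

@dataclass(frozen=True)
class LoginContext:  # hypothetical request attributes
    source_ip: str
    managed_device: bool
    factor: str

def in_corporate_network(ip_text, cidrs):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable address: fail closed, criterion not met
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def mfa_required(policy, ctx):
    """Return True when the configured authentication step stays enforced."""
    if policy.pci_dss_mfa:
        return True
    if ctx.factor.lower() not in BYPASSABLE_FACTORS:
        return True  # e.g. certificate-based authentication is never bypassed
    checks = []
    if policy.corporate_cidrs:
        checks.append(in_corporate_network(ctx.source_ip, policy.corporate_cidrs))
    if policy.require_managed_device:
        checks.append(ctx.managed_device)
    # No criteria configured means no bypass; any unmet criterion means prompt.
    return not (checks and all(checks))

# Constructed sample policy and logins (private and documentation ranges).
POLICY = BypassPolicy(("10.0.0.0/8", "192.0.2.0/24"), require_managed_device=True)
SAMPLES = [LoginContext("10.1.2.3", True, "totp"),
           LoginContext("203.0.113.9", True, "totp"),
           LoginContext("10.1.2.3", False, "sms"),
           LoginContext("10.1.2.3", True, "certificate")]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "-> MFA required:", mfa_required(POLICY, s))
```

Running a table of expected logins through a model like this before enabling bypass criteria shows which combinations would skip the MFA prompt, so an overly broad network range is caught at review time.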