Windows Logon agent Override Group not working with local users

Windows Logon agent overrides

Passly has an agent that can be deployed to Windows OS supported systems. For more information on that specific agent please see this article.

The Windows Logon Agent can be deployed to Windows Servers, Desktops or Portables. The agent has an optionally enabled override group to allow for specific users to be excluded from 2FA on their login.

The agent can be deployed to Domain joined or Stand-alone Windows based PC/Servers.


With Domain joined machine the Windows Logon Agent will leverage a Domain security group for the Passly override. Whereas a stand-alone Windows machine leverages a local security group.

There is currently no way to add a local machine user or local security group to a Domain joined group.

That being the case, there would be no way to allow a local user account to be added to the domain override group. If we can’t add that user to the group, the agent will not be able to exclude their logins.

Work Around

The only way a local user will be able to be overridden will be to provide them an override password.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section