Windows Logon agent overrides
Passly has an agent that can be deployed to Windows OS supported systems. For more information on that specific agent please see this article.
The Windows Logon Agent can be deployed to Windows Servers, Desktops or Portables. The agent has an optionally enabled override group to allow for specific users to be excluded from 2FA on their login.
The agent can be deployed to Domain joined or Stand-alone Windows based PC/Servers.
Issue
With Domain joined machine the Windows Logon Agent will leverage a Domain security group for the Passly override. Whereas a stand-alone Windows machine leverages a local security group.
There is currently no way to add a local machine user or local security group to a Domain joined group.
That being the case, there would be no way to allow a local user account to be added to the domain override group. If we can’t add that user to the group, the agent will not be able to exclude their logins.
Work Around
The only way a local user will be able to be overridden will be to provide them an override password.