Forum Discussion
Solved
Is it good (or best) practice to exclude your office IP address from MFA requirements?
Should the office IP address allow users to sign-in without requiring MFA, or is it better to always require MFA, and keep the session active for e.g. 7 days?
- I think you should always require MFA even if coming from your IP. If you do MFA right you shouldnt be bothered by MFA authentication requests very often. The default is a rolling 90 days Window so as long you’re active more often than that you shouldn’t need to MFA often….
I think you should always require MFA even if coming from your IP. If you do MFA right you shouldnt be bothered by MFA authentication requests very often. The default is a rolling 90 days Window so as long you’re active more often than that you shouldn’t need to MFA often….