Enhancement Request - Deny 'Bypass' at Policy Level

Please could we have a policy setting which denies the use of ‘Bypass’ for specific applications?

We recognise the value Bypass can have, and we use it under very limited circumstances. However, there are some applications which are considered particularly sensitive and it would be valuable if we could mitigate the potential risks in a proportionate manner.

Hi there! Could you clarify what you mean by Bypass here? If you’re referring to Bypass 2FA in the Authentication Policy, you can apply this at either the group, application, or global level. By applying it at the application level, you can allow users to bypass 2FA for some applications but not others. Or are you referring to bypass status for users or bypass codes?

Either way, if you’d like to file an official feature request for this functionality, you can do so by contacting the Duo Support team, or your Customer Success Manager or Account Executive if you are a Duo Care customer.

User Bypass Status

Thanks for clarifying that! Please refer to my previous comment for how to get help logging this as an official feature request :slight_smile: In the meantime, it may not be the ideal solution for you, but you could accomplish this with the workaround of using the authentication policy with groups of users.