How to configure different MFA providers (or none) for specific users or groups
If you want to enable different MFA providers for different users or groups, please review the following guide for configuration steps. A common scenario, would be you want internal users to use your default Duo MFA provider (or no MFA requirement at all), while external contractors are forced to use a free alternative like Google Authenticator.
To Configure Unique MFA Provider Requirements
Login to XTAM with a System Administrator account
Navigate to Administration > MFA
Configure your user and group mapping as required. Use the Add, Edit and Delete option to manage the list of users or groups. For each user or group, select the desired MFA option from the dropdown. For ease of use, if you wish to apply the same MFA provider for all users, simply check the Default option and then your single Provider.
Login to the XTAM host server and open the file $XTAM_HOME/web/conf/catalina.properties in a text editor.
Locate and comment all the line(s) that begin with the below. Please note that this may include several lines.
Enable granular MFA configuration in the $XTAM_HOME/web/conf/catalina.properties by uncommenting the line:
Save and close the file $XTAM_HOME/web/conf/catalina.properties
Restart the PamManagement service (Windows) or the pammanager service (Linux) to complete the configuration.