Bypassing/Disabling Duo for Individual SPs

Garmer, Jack - garmercj garmercj at
Tue Oct 1 14:27:03 EDT 2019

Good Afternoon!

We are currently running IDPv3.3.3 and have Duo/MFA configured to be enforced by default on all SPs. We're attempting to troubleshoot an issue with an SP regarding how the page is presented after successful SSO login. The SP's page displays as a mobile view in a desktop browser on the first login, but will direct to the desktop view on subsequent logins once the SAML and Duo cookies are in place. The vendor suspects that since the Duo auth page appears to be in a mobile view (I'm not actually sure if it is or not), that state is being carried over to the SP application through the browser or the cookie which is causing the display issue. I don't suspect this to be the case, but in an effort to cross that possibility off the list, we would like to temporarily disable MFA for this SP specifically. If it's not possible we'll have to migrate the config to our Dev environment and shut off Duo globally, which is potentially more work. I'm hoping there is a relying-party bean that may be simpler.

Can MFA be bypassed for a single SP?

Jack Garmer
Linux Systems Administrator
James Madison University
o. 540-568-4235

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list