WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Bypass - Multifactor Authentication Trusted Device/Browser
Users are allowed to optionally opt out of registering a trusted device with CAS as part of the MFA workflow. Furthermore, trusted device workflow for MFA can be bypassed on a per application basis:
1
2
3
4
5
6
7
8
9
10
{
"@class": "org.apereo.cas.services.CasRegisteredService",
"serviceId": "^(https|imaps)://app.example.org",
"name": "Example",
"id": 1,
"multifactorPolicy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"bypassTrustedDeviceEnabled" : true
}
}