<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Bypass MFA for Service Accounts in Desktop MFA for Windows
Feb 17, 2026
Multi-Factor Authentication
Okta Identity Engine
Overview

This article describes how to bypass MFA for Service Accounts on Windows desktop devices using Desktop MFA.

Applies To
  • Okta Identity Engine (OIE)
  • Desktop MFA for Windows
Solution

To completely bypass MFA for a service account in Desktop MFA for Windows, add the account to the MFABypassList registry key. Users on this list do not need to authenticate with MFA. If a user is listed in both MFARequiredList and MFABypassList, MFABypassList takes precedence. The registry key is stored at HKLM\Software\Policies\Okta\Okta Device Access.

 

Registry Key Name: MFABypassList

Type: REG_MULTI_SZ

Default: Empty

 

Possible values for this setting:

  • Empty: MFA applies to all users.

  • username@domain.com: Separate users with a semi-colon; character.

  • GroupName: Separate group names with a semi-colon; character.

For example: john.doe@company.com;IT_Admins;Finance_Team.

 

Related References

Recommended content

Still looking for help?
Loading
How to Bypass MFA for Service Accounts in Desktop MFA for Windows