There may be instances when customers want to exclude certain users from needing to utilize MFA, while retaining VIP MFA services for all other users.

There isn't anyway to whitelist a user on the VIP Enterprise Gateway side. This needs to be done at the application level.

As an example, for the VIP Microsoft Credential Provider (MCP) integration, there is an option to configure a "no2fa" group. If the user is put in this group, then the MCP client does not require MFA and does not contact the VIP Radius in the authentication flow. Refer to documentation here: https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/dita/symantec-security-software/identity-security-authentication/vip/generated-pdfs/Integration_Microsoft_CredentialProvider.pdf

Some integrations may also support Intelligent Authentication. This does not remove the MFA requirement, but can simulate an authentication code where the user is not required to manually input an MFA option. For more information on Intelligent Authentication, please refer to this documentation:  https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/dita/symantec-security-software/identity-security-authentication/vip/generated-pdfs/IA_MemberSite_Integration.pdf