Rule to bypass scope

I am trying to temporarily disable MFA for users if they have not already setup MFA.

I have been able to create a rule to bypass MFA if MFA has not been setup for a user but if MFA has already been set, it will continue to operate with full MFA.

I would like to find a way to temporarily bypass claims / scopes that are being requested as well. We currently get the window where the user has to Authorize access to a scope. It doesn’t really make sense for where we are since these are all within our application control already.

I have tried adding the authorization in the API but it doesn’t seem to bypass the requirement to grant access to the scope.

Is there a rule that I could add the would simply bypass this request but automatically grant access to the requested permission?


Hi @gary1

If all you want to do is bypass the consent screen ( User Consent and Third-Party Applications ) , you can do it by adding an API, enabling the Allow Skipping User Consent toggle ( API Settings ) and using it’s identifier as the audience in your authentication request.

You can also read more about it here:

1 Like

@ricardo.batista - Thank you. I was doing this but the problem was I was testing using localhost which your link says won’t work. I changed to non-localhost environment and worked as I was expected.

Thanks - close ticket

1 Like

Perfect! Glad to hear that!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.