Selective MFA when org MFA is ALWAYS

If I have Security > Multi-factor Auth > Require Multi-Factor Auth set to “Always”

is there a way I can selectively NOT REQUIRE MFA for users who are authenticated via a specific Social connector?

Hey there!

Unfortunately we don’t have such an option now. I highly recommend creating a feedback card in our Feedback category here:

What would be a workaround?

Should I set MFA to Never and then for specific connections, I selectively force MFA via a custom action or rule?

I don’t think there’s a way to accomplish it at all right now. I don’t think it should be doable the way you explained it cause if you set MFA to never in the dashboard it shouldn’t change when you will be applying it through rules / actions