Disable local MFA requirement for password decryption

[blainvillem]

Hello,

Since upgrading to GLPI Account plugin v3.1.4, we noticed that local GLPI MFA is required in order to decrypt passwords stored in the plugin.

In our environment:

• GLPI uses SSO with Microsoft 365 (Azure AD / Entra ID)

• MFA is already enforced at the identity provider level

• All users authenticate through SSO

Because of this, users now have to deal with two different MFA mechanisms:

• one during Microsoft 365 login

• one inside GLPI

This is confusing for users and creates unnecessary friction, as MFA is already validated during the SSO authentication process.

Question

Is there a way to disable or bypass the local GLPI MFA requirement for password decryption

If not, is this behavior mandatory by design?

Thanks for your clarification.

Best regards,

[nathan-ventura]

Just to reiterate, this issue is really important. Disabling GLPI's multi-factor authentication (MFA) requirement when using SSO login is a major problem for the user.

[tsmr]

Hello
Sorry but the plugin does'nt use local MFA of GLPI by design