WatchGuard Support Center

Knowledge Base - Article

Deactivated Active Directory users bypass MFA for the AuthPoint agent for Windows

Tracking ID: AAAS-11726
Status: Resolved
Resolved In:

Deactivated Active Directory users can log in to a computer with the agent for Windows installed without MFA (user name and password are still required). This only happens the first time the user logs in after they are deactivated. When the user tries to log in again, they receive a Windows error message.

This issue is not related to the agent for Windows and happens whether or not the agent for Windows is installed: deactivated Active Directory users can successfully log in the first time after they are deactivated.

No workaround exists at this time.