We have enabled the passonnotoken option because we thaught this could give us time to slowly migrate the user on TFA. We thaught that this option will check the user login, and bypass TFA if there is no token.
But the user can login with any password, so no only TFA will be skipped.
Is this a bug or a feature?
We are using PrivacyIdeay for VPN Login and we have not deployed ever Token to the users, is there another way to let the users login without TFA if they don’t have a token?