I need programmatic access to the Dashboard API of an MSP customer and I am provisioning an administrative account that would be pretty much unmanned but with access to all the current and upcoming organizations.
My question is: if 2FA is enforced at the organization level, is there any way to exempt specific accounts of adhering to the 2FA requirement?
The account will authenticate to the dashboard API using the API key generated for the account, rarely it will be used for interactive sessions, only as soon as it is given access to new organizations and login to the GUI is required to validate the addition. I'd like to avoid binding the second factor to SMS received on a phone number or a Google Authenticator OTP.
Thanks in advance!