Skip to main content
All CollectionsCompare and deploy metadataGuides on comparing and deploying specific metadata
How to deploy System permission 'Waive Multi-Factor Authentication for Exempt Users'
How to deploy System permission 'Waive Multi-Factor Authentication for Exempt Users'

How to find the Multi-Factor Authentication (MFA) system permission for exempt users in your comparison results

Mateusz Kochanowicz avatar
Written by Mateusz Kochanowicz
Updated over 3 months ago

In Salesforce, you can exclude a user from Multi-Factor Authentication by assigning a permission set that gives such user the Waive Multi-Factor Authentication for Exempt Users permission.

This permission allows you to exclude a user from MFA without modifying the org-wide MFA settings.

In this Salesforce org (screenshot below), the permission is named 'WMFA' and found under Setup > Users > Permissions Sets.

In order to deploy this permission from your org, you'll need to include Permission Set metadata type in your metadata filter.


​If it's an entirely new permission set created in the source org, you'd find it under the Permission Set metadata type in your comparison results.​

You also want to include for deployment the component found under Permission set: Set of user permission for a new permission set (as shown on screenshot above), as it will deploy the enabled checkbox for Waive Multi-Factor Authentication for Exempt Users permission.


If you're only deploying the Waive Multi-Factor Authentication for Exempt Users permission from source to target (as opposed to the entire permission set), it's likely you'd find it in your comparison results under Permission set: user permission metadata type, and it would look like this:

The deployed permission set can be found in the target org under: Setup > Users > Permission Sets > permission named 'WMFA' with the description 'Waive Multi-Factor Authentication for Exempt Users' > System Permissions (in 'Systems' section).

Note: The name for the permission in both your orgs will be different to 'WMFA', as this is a custom name given to this permission in the Salesforce orgs used in this article.​

Did this answer your question?