Disable MFA challenges on direct UI logins for users or orgs that aren’t required by Salesforce to use multi-factor authentication, per the Salesforce Trust and Compliance Documentation. This permission overrides the Multi-Factor Authentication for User Interface Logins user permission and the Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org setting.

Exclude Exempt Users from MFA

Some use cases are exempt from the MFA requirement. When Salesforce enables and enforces MFA in the future, many of these use cases will be excluded automatically. But there are a few cases that customers must exclude on their own. If any of these situations apply to your environment, use the Waive Multi-Factor Authentication for Exempt Users user permission before MFA is enabled for your org – either by yourself or by Salesforce in the future.

1. From Setup, in the Quick Find box, enter Permission Sets, and then select Permission Sets.
2. Click New.
3. Enter your permission set information.
4. Select the types of users for the permission set. Select a specific user or permission set license. Or, if users with different licenses are assigned the permission set, select None. If the permission set is associated with a specific license, it can only include the permission and settings entitled by that license.
   When creating a permission set for a specific permission set license, refer to that feature’s documentation. For example, to create a permission set for the Identity Connect permission set license, use these steps along with the Identity Connect documentation.
5. System settings > Edit > seacrch Waive Multi-Factor Authentication for Exempt Users  – Enable or Check – Save