ClickUp currently supports only an all-or-nothing MFA policy: MFA is either required for every user or for no one.

In our environment, enabling required MFA forces SSO users to complete MFA twice—once through our SSO provider and again in ClickUp—creating unnecessary friction. At the same time, we still need MFA enforced for non-SSO accounts (e.g., Guests).

Request: add the ability to require MFA only for non-SSO users. This would prevent duplicate prompts for SSO users while ensuring guest/non-SSO users authenticate securely.

Impact: reduces login friction for SSO users and improves enterprise adoption without compromising security for guest access.