...
The option "when users logon from the following IP addresses" allows you to restrict the previous "Multi-factor authentication" selection to apply to specified IP addresses.
(Single IP address or IP ranges, e.g. 192.168.0.1; 192.168.0.10-192.168.0.20. IP with proxy: 1.2.3.4[192.168.0.254], IP range with proxy: (1.2.3.0-1.2.3.255)[192.168.0.254], note: 192.168.0.254 is the proxy server).
"DualShield Server is offline" Section
...
The option "Except the following credential providers:" allows you to provide a list of provides that are exceptions to the default credential provider setting.
Enter each credential provider , (one uuid, per line)