We have the same need in our company.  All users have to be SSO authenticated with SAML at QR/QEM, but we had to stood up a duplicated set of QEM servers with windows auth only to  allow automation tools/scripts to authenticate at QEM APIs using a service account.

So for me, instead of using a bypass to allow user/pwd auth, I'd rather prefer to have QEM allowing different authentication methods on the same server, using different ports for each authentication method, for example all users on 443 with SAML, APIs only accounts on 8443 with windows auth, client_ID/Secrets or even OAuth access tokens.

Perhaps,  we could use the roles/permissions association in QEM to define the auth method, and manage API client_ID/Secrets or OAuth access tokens

We have done the same thing where we have 2 QEM's, one for users and one for service IDs.

However, it is not working for us and QEM performance is extremely degraded, Replicate works fine though.

We have similar findings and requirements in our organization. As per the PCI requirement, we need MFA authentication support for API. This is also going to be a mandatory approach / need to satisfy PCI (Payment card industry) standards from 2023. 

From now on, please track this idea from the Ideation portal. 

Link to new idea

Meghann

NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you only see 1 tab with the login page, please try clicking this link first: Authenticate me! then try the link above again. Ensure pop-up blocker is off.