sudo groupadd <groupname>
sudo useradd <username> sudo usermod -a -G <groupname> <username>
3) Edit /etc/pam.d/sshd file and add the below statement to skip PAM module for the newly created group-
auth [success=done default=ignore] pam_succeed_if.so user ingroup <groupname>
If full access is required for this new group then add below line to visudo file-
%<groupname>ALL=(ALL) NOPASSWD: ALL
When a user will be created and added to the new group, on first login MFA will be created but will not be enforced on further logins.
Thanks for checking out !