Apr 05, 2016 | by Arturo Hinojosa in MFA
We often get questions from customers on how the "Remember Device" button works with Okta multi-factor authentication (MFA).


Administrators have the option of setting MFA policies so users are only prompted for a second factor once per session or once per device.

Okta Sign-on Policy Wizard: Require MFA once per device or once per session. Per session is selected and you can configure timeouts for factor persistence and session persistence.

The Remember device checkbox is used by Okta to create a cookie so a user is not prompted again during that session or from that device.

However, if the session lifetime or the factor lifetime is too short, users may think the checkbox is not working as designed. Additionally, for security reasons this checkbox is not selected by default. As a result, behavior can appear inconsistent if users log in after a session has expired, forget to check the box again, and try to log in again during the same session.
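The interaction described above can be seen on a timeline with a simplified model. This is an added illustration, not Okta's implementation: the rule it assumes (a new sign-in skips the second factor only while a remember-device cookie is unexpired, and the cookie is written only when the box is checked), the names, and the lifetimes are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    session_lifetime: int  # minutes a sign-in session stays valid (assumed unit)
    factor_lifetime: int   # minutes a remember-device cookie stays valid


def simulate(policy, events):
    """Replay access attempts and report when the user sees an MFA prompt.

    events: (minute, remember_checked) tuples in time order.
    Returns (minute, outcome) tuples; outcome is 'session_active',
    'signin_no_mfa' or 'signin_mfa'.
    """
    session_expires = None  # no session yet
    cookie_expires = None   # no remember-device cookie yet
    timeline = []
    for minute, remember_checked in events:
        if session_expires is not None and minute < session_expires:
            timeline.append((minute, "session_active"))
            continue
        # Session is missing or expired, so this is a fresh sign-in.
        if cookie_expires is not None and minute < cookie_expires:
            outcome = "signin_no_mfa"
        else:
            outcome = "signin_mfa"
            # The box is unchecked by default: no cookie unless the user opts in.
            cookie_expires = (
                minute + policy.factor_lifetime if remember_checked else None
            )
        session_expires = minute + policy.session_lifetime
        timeline.append((minute, outcome))
    return timeline


# Constructed sample: 8-hour session, 24-hour factor lifetime.
POLICY = Policy(session_lifetime=480, factor_lifetime=1440)
EVENTS = [
    (0, True),      # first sign-in, box checked
    (60, False),    # still inside the session
    (600, False),   # session expired, cookie still valid
    (1500, False),  # cookie expired, user forgets to re-check the box
    (2100, True),   # prompted again because no cookie was written at 1500
    (2700, False),  # cookie from 2100 is honoured
]

if __name__ == "__main__":
    for minute, outcome in simulate(POLICY, EVENTS):
        print(f"t={minute:>4} min  {outcome}")
```

The prompts at minutes 1500 and 2100 are the two cases users report as the checkbox "not working": the factor lifetime ran out, and the box was left unchecked on the next sign-in.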

We apologize for any confusion or frustration, and are actively working to improve the end user experience. Soon, admins will be able to leverage the new Okta Sign-on Policy to set better defaults for users to make MFA more intuitive, as well as give more control to users leveraging Integrated Windows Authentication (IWA). Additionally, users will be able to manage their known devices, and will be able to "forget" a device should it be lost or stolen.

In addition to the improvements already planned, as part of Okta Adaptive MFA, Okta will "learn" which devices and networks users normally authenticate from, and allow IT to set a policy to prompt users only from unknown devices or locations.

To learn more about Okta Adaptive MFA, please visit the product page on our website or contact your Okta account executive.


  • Daniel Goneau - Domain Admin on July 19, 2017

    I'm confused... the issue we're having is that once a user selects "remember my device" it does just that... and never logs the user out.
    That's great for the user... but our configurations say "Per device" "session life time = 8hours" - However, it doesn't log out or reauthenticate the users, ever.

    This article seems to say the opposite, where even though the option to remember the device was selected, the users are still getting logged out and they have to log back in (in some cases).

    Has my issue come up?

    Is there a way to disable "remember my device"? (security team is asking) while you guys work out this bug?
