• Sign-on policy
• Passwordless authentication
• Okta Classic Engine

This could be used to control the Okta session for the end users. Using this could make the dashboard more user-friendly, not having the user log into Okta every 2 hours, and it will also make sure that the session is being cleared (depending on the situation) for enhanced security. The maximum time the session can be set is currently 180 days. 

1. Go to Security > Authentication > Sign on > add a new rule or edit an existing one (by clicking on the pencil icon). 
2. Depending on the selected option, set up the following:
   1. Whether MFA is required or not.

• Depending on the selected option, Multi-factor Authentication (MFA) can be:
  • Not required
  • Required:
    • Every login
    • When signing in with a new device cookie -  When selecting this option, a new option will appear that says: "Select "Don't prompt me again for MFA" by default". Choose this option if users should not be prompted again for MFA on their device after their first sign-in.
    • After the MFA lifetime expires - When selecting this option, the MFA lifetime will also need to be set. By default, it is 15 minutes.

2. Okta global session management. Here, the following can be set:

• Maximum Okta global session lifetime - the maximum lifetime for a session can be 180 days.
• Global session idle time - maximum 30 days.
• Session cookies persist across browser sessions.

NOTE: The Factor and Session lifetime will be overwritten if the user logs in and triggers another password policy or if the session is completely reset by closing the browser or clearing the cache.