When a Security Assertion Markup Language (SAML) / Web Services Federation (WS-FED) application's sign-on rule is configured to prompt for re-authentication, users are not prompted to re-authenticate.
- Okta Classic Engine
- Okta Identity Engine
- Security Assertion Markup Language (SAML)
- Web Services Federation (WS-FED)
- Office 365
- Re-authentication frequency
The "prompt for authentication" feature in the Okta sign-on rules triggers a re-authentication prompt for applications that are accessed through the Okta end-user dashboard (chiclets) and interact directly with the active Okta Identity Provider (IdP) session. Applications that maintain independent sessions are not subject to this prompt.
Okta's "prompt for authentication" feature primarily applies to applications that are accessed through the Okta end-user dashboard and interact directly with the Okta IdP session. Re-authentication for the application session requires configuration on the vendor side, because the application session is controlled independently of the Okta IdP session.
- For web applications, this may involve configuring session timeouts and re-authentication mechanisms within the application itself.
- For thick clients, this typically requires leveraging the policies configured within the application.
  - For example, for Office 365 native applications, re-authentication intervals are primarily controlled by configuring Conditional Access Policies within Microsoft Entra ID (formerly Azure AD), as defined and managed by Microsoft.
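
As an illustration of application-side enforcement for a SAML service provider (an added example, not Okta's or any vendor's code), the sketch below decides when the application itself must send the user back to sign in. The function names, the one-hour and four-hour limits, and the sample assertion are assumptions, and the assertion is assumed to have passed signature and condition validation already.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment. A real service provider must verify
# the signature, audience and conditions before trusting any of these values.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2024-05-01T08:00:00Z"
                       SessionNotOnOrAfter="2024-05-01T16:00:00Z"/>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC and end in "Z"; fractional seconds are allowed.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def authn_times(assertion_xml):
    """Return (AuthnInstant, SessionNotOnOrAfter or None) from the assertion."""
    stmt = ET.fromstring(assertion_xml).find("saml:AuthnStatement", NS)
    if stmt is None or stmt.get("AuthnInstant") is None:
        raise ValueError("assertion has no usable AuthnStatement")
    not_after = stmt.get("SessionNotOnOrAfter")
    return _ts(stmt.get("AuthnInstant")), (_ts(not_after) if not_after else None)

def sp_session_decision(assertion_xml, sp_session_start, now,
                        max_sp_session=timedelta(hours=1),   # assumed app policy
                        max_authn_age=timedelta(hours=4)):   # assumed app policy
    """Application-side check: is the user's own session still acceptable?"""
    authn_instant, not_after = authn_times(assertion_xml)
    # 1. The IdP's own upper bound on the session, if it sent one.
    if not_after is not None and now >= not_after:
        return "reauthenticate: SessionNotOnOrAfter reached"
    # 2. The application's session timeout, independent of the IdP session.
    if now - sp_session_start >= max_sp_session:
        return "reauthenticate: application session timeout"
    # 3. How long ago the user actually authenticated at the IdP.
    if now - authn_instant >= max_authn_age:
        return "reauthenticate: authentication too old"
    return "allow"
```

Until one of these application-side checks fires, the application never returns to the IdP, which is why a sign-on rule evaluated at the IdP does not produce a prompt on its own.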
