This article discusses why users get prompted to reauthenticate when trying to edit the end user Settings Page.
- End Users
- Self Service
- Okta Classic Engine
When a user logs in to Okta, the user is granted a 15-minute session for the Settings page with the already entered password. The following will then apply:
- If the user clicks on the Settings page within 15 minutes of the initial login to Okta, the user will be able to see and edit the settings, and Okta will not ask the user to re-authenticate.
- If the user clicks on the Settings page more than 15 minutes after the initial login, the user will be able to see the settings, but will need to re-authenticate to edit any setting on the page:
  - Users who have MFA enrolled will be prompted for the password and then need to pass the MFA challenge.
  - Users without any MFA need to enter the password, and can then edit settings on the page.
  - Users without any MFA, where MFA enrollment is optional on the Org, will be prompted to enroll in MFA after entering the password. The next time they try to log in to the Settings page, they need to enter their password and pass the MFA challenge.
