This article explains why Agentless DSSO does not work when the Re-authentication frequency timer is set in an Authentication Policy rule, located under Security > Authentication Policies > Rules > Re-Authentication Frequency.
- Okta Identity Engine (OIE)
- Agentless DSSO (ADSSO)
- Authentication Policies
- Re-authentication Frequency
When the Re-authentication frequency timer is exceeded for any Authentication Policy Rule, users who have previously authenticated are redirected to the Okta sign-in page.
Because the re-authentication flow uses a different method than the initial Okta sign-on, ADSSO cannot be used for it. The re-authentication fails and the user is automatically redirected to the default Okta login page.
Users must establish a new Global Session so that a new ADSSO token can be provided. Otherwise, users will remain unable to use ADSSO until they have signed out of Okta or until the browser's cache and cookies are cleared.
