<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Setting Up Okta MFA Lifetime
Apr 20, 2026
Okta Classic Engine
Multi-Factor Authentication
Overview

This article provides information on the lifetimes of various factors and the steps to follow for setting up Multi-Factor Authentication (MFA) lifetimes.

 

NOTE: MFA will be remembered for the device cookie. As long as the configured MFA lifetime for the device cookie is valid, users will not be prompted for MFA when signing in.

Applies To
  • Factor Lifetime
  • Multi-Factor Authentication (MFA)
  • Okta Classic Engine
Solution

The MFA lifetime can be set up by performing the following:

  1. Navigate to the Admin Console > Security menu > Authentication.
  2. Select the Sign On tab. Once this tab is open, there are a few options: 
    • To add a new policy and a corresponding new rule.
    • To add a new rule to an existing policy. 
    • To edit an existing rule. 
Okta sign-on policy
  1. Regardless of choosing to edit an existing rule or to add a new one, once the rule is opened, the Policy settings section is available. At the end of this section,  there is a Multifactor authentication (MFA) part with two options available. Please select the Required option. 
  2. The Users will be prompted to enter the MFA field, with three options available. 
  3. Select After MFA lifetime expires for the device cookie option, and the MFA lifetime section will become available. The default value is 15 minutes. By clicking on the field corresponding to the Minutes, it can be changed to Days or Hours, and by clicking on the field where 15 value is written, one can insert the desired value. 
Application policy rule
  1. Once the desired configuration is completed, click on Create rule or Update rule. The available options depend on what was chosen at point 2.

    When they log in, the end user will see an option: "Do not challenge me on this device for the next [X] minutes."

    In this example, since the MFA lifetime is configured to be 15 minutes, this will also be shown on the login screen.

    Okta widget 

 

 

NOTE:

  • The lifetime for the SMS code is 5 minutes/300 seconds and cannot be adjusted.
  • The lifetime for the email code is 5 minutes. This value can be changed by going to Admin Console > Security tab > Multifactor menu > Factor Types tab > Email Authentication.

 Email authentication  

  • The lifetime for the Okta Verify code is 5 minutes. This value is hardcoded and cannot be changed. 
  • The lifetime for the Google Authenticator code is 5 minutes. This value is hardcoded and cannot be changed. 
 

Recommended content

Still looking for help?
Loading
Setting Up Okta MFA Lifetime