0mj8t (0mj8t) asked a question.
MFA Device every 30 days
Looking into using MFA with Okta. Been having trouble configuring the way we want to roll it out. Is there a way to get it so that it prompt users only once every X amount days per device and not prompt per browser and/or app? For example if I log into an Okta app on Firefox I get prompted to MFA the first time and not again for 30 days, but if I then log into an Okta app on Chrome on the same device I'm getting prompted for MFA again even if I choose don't prompt on this device for 30 days on Firefox.
That option sets a cookie in your browser so if you use a different browser or device it will prompt again.
Joe
A new browser is treated as a new device and so you will be re-prompted to MFA on a new browser.
As @00usezlqsHdQlhvV9351.5615771738102039E12 (Customer) and @PritiS.45592 (Customer) mentioned, "Remember this device" just adds a browser cookie. If the user clears their browser cache, they'll get prompted again.
The only other option I could think of is to set specific Sign-On policies based on the user's IP address. For example, you can enable MFA for all devices that are not in the IP Whitelist. But I'm not sure if that would be acceptable in your org.
I've also seen at Oktane20 that there some smart adaptive MFA features based on the user's context. I believe that is currently in beta.
@0mj8t (0mj8t) , you could also look into the Behavior Detection feature: https://help.okta.com/en/prod/Content/Topics/Security/proc-security-behavior-detection.htm