
tlb56 (tlb56) asked a question.
EDIT -- The behavior described here is exactly what I am referring to. Is there any way I can change that 15-minute setting, such that it's effectively 0 (always ask for reauthentication)?
ORIGINAL POST:
When a user logs into their Okta portal using FIDO 2FA, they can immediately go into their profile and set up another 2FA (e.g. security key/biometric authenticator, or YubiKey) without being prompted for authentication a second time. However, if they log in and then after 30 minutes attempt to add another 2FA device, they have to click 'edit profile' and reauthenticate before proceeding to add another 2FA device.
What is the setting that controls this behavior? I want to force users to reauthenticate before adding another 2FA device, regardless of how long they have been signed in.

Hello @tlb56 (tlb56), thank you for reaching out to our Community!
Unfortunately, at this time there is no way to configure this; it is hardcoded. However, you can add a Feature Request on our Idea section, for a chance that this functionality will be added in the future.
https://support.okta.com/help/s/ideas