
VenkateshS.24837 (Customer) asked a question.
Current behavior -- During SP / IDP initiated authentication flows (Okta plus 3rd party MFA as 2nd factor), after a certain time interval (considering the user didn’t approve the 2nd factor within 5 – 10 mins), when the user tries to fulfill the 2nd “factor” prompt (verify button for 3rd party MFA) or refreshes the page after the time interval in the web browser or embedded browser (O365 thick clients), Okta takes the user back to the sign-in widget, prompting for email & password. In a password-less (push notification to phone > biometric as 2nd factor) user experience setting, this behavior is skewed.
Expected behavior -- Automatically re-initiate the first factor with the existing Kerberos token upon session expiry. Added to that, clicking on "back to sign in" on the Sign-in widget should take the user back to the application, at least for the SP initiated flow.
Please advise any enhancements that can be made to improve user experience via any additional customization.

Hello @VenkateshS.24837 (Customer), thank you for reaching out to our Community!
Unfortunately, that is expected behaviour: if users do not complete the MFA enrolment within 5 minutes, their session expires and they need to start from scratch.