<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AH6LMYCQ3Okta Classic EngineMulti-Factor AuthenticationAnswered2024-10-31T16:41:32.000Z2024-10-09T15:45:19.000Z2024-10-31T16:41:32.000Z

User16690495511912318825 (Customer) asked a question.

October 9, 2024 at 3:45 PM
Configure Remember Device to prompt after specific number of days

We allow our users to choose “Remember this Device”, and if they do, we do not prompt them again for MFA. However, instead of never prompting again when user chooses “Remember This Device”, we want to configure the system to prompt the user for MFA after a longer period of time, such as six months. Is this a setting in the admin console, or is it something we would have to manage on our end?

  • 1 answer
  • 694 views

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @User16690495511912318825 (Customer)​  Thank you for posting on our Community page!

     

    This is indeed something that can be configured. This setting should be under Security-> Global session and then edit the required Policy:

    • After MFA lifetime expires for the device cookie: Users are challenged for MFA when they attempt to sign in after the MFA lifetime period has expired. MFA lifetime is only enforced when a new session is created or if the user changes devices.
      • MFA lifetime: This option appears when you select After MFA lifetime expires for the device cookie. Type a numerical value in the field on the right, then select a value from the dropdown list (DaysHoursMinutes).

    https://help.okta.com/oie/en-us/content/topics/identity-engine/policies/add-okta-sign-on-policy-rule.htm

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @User16690495511912318825 (Customer)​  Thank you for posting on our Community page!

     

    This is indeed something that can be configured. This setting should be under Security-> Global session and then edit the required Policy:

    • After MFA lifetime expires for the device cookie: Users are challenged for MFA when they attempt to sign in after the MFA lifetime period has expired. MFA lifetime is only enforced when a new session is created or if the user changes devices.
      • MFA lifetime: This option appears when you select After MFA lifetime expires for the device cookie. Type a numerical value in the field on the right, then select a value from the dropdown list (DaysHoursMinutes).

    https://help.okta.com/oie/en-us/content/topics/identity-engine/policies/add-okta-sign-on-policy-rule.htm

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best
This question is closed.
Loading
Configure Remember Device to prompt after specific number of days