multiOTP
commented
1 year ago Hello,
Yes, currently, the unlock timeout is valid for the last "logged-on" OR "elevated privilege authentication" account. We will change the behavior and the unlock timeout will be valid for the last authenticated ("logged-on" OR "elevated privilege authentication" OR unlocked).
In your case case, the current behavior is:
- User Z log-in with 2FA (user Z stored for unlock timeout)
- Privilege elevation with user A with 2FA (user A stored for unlock timeout)
- At next unlock for user Z, 2FA is requested
- At the second unlock for user Z, 2FA is still requested
Forthcoming behavior:
- User Z log-in with 2FA (user Z stored for unlock timeout)
- Privilege elevation with user A with 2FA (user A stored for unlock timeout)
- At next unlock for user Z, 2FA is requested (user Z stored for unlock timeout)
- At the second unlock for user Z, 2FA is no more requested
Regards,
OpsMB
Hello, I have an issue with multiOTPTimeoutUnlock when I do an elevation of privilege. Actually, I set this value to 5a0 (1440 minutes) to don't ask 2FA on unlock. That works well but when I do an elevation of privilege (with an other account), MutiOTP ask 2FA when I unlock and I have to restart my computer to don't have MFA on unlock.
Is it normal or I have a trouble on my settings ?
Thank you for your help.
Best regards,
MB