Currently, once a user has passed an MFA challenge, this fact is cached in the session and the user is not required to pass MFA again until the session expires or the user logs out, etc. We should extend the MFA config for a tenant to allow a tenant to set a maximum TTL for an MFA and require the user to re-MFA after the TTL has been exceeded.
Currently, once a user has passed an MFA challenge, this fact is cached in the session and the user is not required to pass MFA again until the session expires or the user logs out, etc. We should extend the MFA config for a tenant to allow a tenant to set a maximum TTL for an MFA and require the user to re-MFA after the TTL has been exceeded.