MFA: Inactive user override questions

gsmith · December 11, 2023, 8:52pm

On this MFA page in the docs, it says this:

If a user is inactive for a period of seven days or more, their cookie will expire and they will be prompted for MFA on their next login attempt

I have two questions related to this:

Does this apply to both Classic Universal Login and New Universal Login?
Will a user still be prompted after 7 days if “Never” is selected for “Require Multi-factor Auth” in the policy?

pavan.bn · January 7, 2024, 1:35pm

Hi gsmith,

Thanks for reaching out to Auth0 Community!

For your second question, user will not be prompted for MFA in this case, if the policy is set to “Never” MFA won’t be enforced even after cookie is expires. please refer this document for more information Enable Multi-Factor Authentication

Thanks,
Pavan

Topic		Replies	Views
Multifactor authentication prompt is less than 30 days Help	9	4765	August 29, 2024
Controlling MFA Expiration Time Help auth0 , mfa	1	2630	September 23, 2022
MFA Session Cookie (auth0-mf) Knowledge Articles session-cookie , auth0-mf	1	299	June 26, 2024
Universal login SMS expiration message Help mfa , mfa-prompt-new-experience	1	39	August 1, 2024
MFA - Is it possible to turn off "Remember Device for 30 days"? Help	3	3579	November 23, 2022

MFA: Inactive user override questions

Related Topics