I’ve read this recent FAQ post about using the mfa once per session process as an action
But while this technically works, this feels incomplete when compared to the original Rules-based implemention, which checked for a mfa confirmation, and had the user proceed… Setting the 30 day MFA flag automatically doesn’t give the end-user the ability to see their MFA confirmation on logout.
Can an implementation that’s equivalent to the rules “Require MFA once per session” implementation be provided?
Thanks!