According to the Auth0 documentation, by default: “The user will be able to decide if they want to skip MFA every 30 days when
provider is set to other values”. Moreover, it states “In order to let the user skip MFA, a cookie will be stored in the user’s browser” (see https://auth0.com/docs/multifactor-authentication/custom).
We have had user’s report that they have to perform MFA more frequently than the stated 30 days. Upon investigation, it appears that the auth0 cookie expires only 3 days after visiting the MFA screen. This may be one reason for the reported issue as the cookie expirty is too soon. Is there any possible way to customise the length of time that a user can login without being prompted for MFA?