Pause in MFA for a certain period (example 8 hours)

Timb551Timb551
in AuthPoint - Product Enhancements

Hi, would like to request a feature.

We are looking to move from Duo and have found from testing that there is no option to pause mfa checks for a certain period. For example we have it set at 12 hours so it will only ask once at the start of your work day and will only ask again if you move networks.

I appreciate there are network locations you can set as approved but this wont work when home working etc.

thanks

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Timb551

    It depends on what kind of resource the user is authenticating via.

    -If the users are authenticating to a SAML resource (such as the IDP portal), they'll only be asked for authentication at the start of their session.

    -If users authenticate via a RADIUS resource, AuthPoint will usually only see the resource's IP address. (This will usually be the internal IP of the server or resource you're authenticating to.)

    -If users are authenticating to a VPN, they will only need to authenticate when they connect to the VPN.

    -Logon App (Windows/Mac desktop MFA) will require a token or push for each login unless the user is in a safe network location.

    MFA can be turned off for a user temporarily via the forgot token function:

    (Temporarily Disable MFA for a User)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/forgot-authenticator-operator.html

    There is an existing feature request for this, which is AAAS-19773. Please create a support case and mention AAAS-19773 if you would like to follow/track it.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.