Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-7242: Validity period for Centrify Identity Service MFA challenges

Privileged Access Service ,  

3 April,19 at 07:31 PM


How long are the various MFA challenges valid for before a user will need to re attempt the MFA challenge from the beginning?

Challenge examples:

User-added image


There are different expiration thresholds, depending on the type of challenge used. See the below table for details:

PasswordDetermined by Source directory policy
Phone CallWill be attempted only once
Text message (SMS) confirmation code5 Minutes until no longer valid
Email confirmation code5 Minutes until no longer valid
User-defined Security QuestionDetermined by User - remains unchanged unless Question/Answer is updated by user
Third party Authenticator for user added applications (example: Google Authenticator)30 Seconds +/-30 seconds (Max 90 seconds)
OATH OTP: HOTP- Counter+13 codes
TOTP- (period +/-period) max = 3(period).  
An Administrator may also choose to modify the "Challenge Pass-Through Duration" option to allow a user to log back in and bypass the MFA challenges, if the User has already satisfied the challenges within the range of the time set here. (ie. If set to 30 minutes, the User will not need to be re-challenged unless more than 30 minutes has passed).

For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or the Customer Support Portal at