Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7242: Validity period for Centrify Identity Service MFA challenges

Privileged Access Service ,  

3 April,19 at 07:31 PM

Question:

How long are the various MFA challenges valid for before a user will need to re attempt the MFA challenge from the beginning?

Challenge examples:

User-added image



Answer:

There are different expiration thresholds, depending on the type of challenge used. See the below table for details:
 
ChallengeDuration
PasswordDetermined by Source directory policy
Phone CallWill be attempted only once
Text message (SMS) confirmation code5 Minutes until no longer valid
Email confirmation code5 Minutes until no longer valid
User-defined Security QuestionDetermined by User - remains unchanged unless Question/Answer is updated by user
Third party Authenticator for user added applications (example: Google Authenticator)30 Seconds +/-30 seconds (Max 90 seconds)
OATH OTP: HOTP- Counter+13 codes
TOTP- (period +/-period) max = 3(period).  
 
An Administrator may also choose to modify the "Challenge Pass-Through Duration" option to allow a user to log back in and bypass the MFA challenges, if the User has already satisfied the challenges within the range of the time set here. (ie. If set to 30 minutes, the User will not need to be re-challenged unless more than 30 minutes has passed).



For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or the Customer Support Portal at https://www.centrify.com/support/customer-support-portal/

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part III article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part II articleKB-12215: How to silently install the Centrify Agent for Windows™ using Group Policies for MFA and Enrollment articleKB-7074: Why is Centrify changing IWA, what changes are being made, and how can I ensure IWA continues to work as expected post 16.7? article[Labs] Using Centrify MFA to secure AWS WorkSpaces with Simple AD articleCentrify 18.3 Release Notes article[Labs] Using Identity Platform as a RADIUS Client to support MFA with OTP tokens (e.g. SecurID, etc) articleHOWTO: Implement MFA on Centrify Express for UNIX/Linux