Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7242: Validity period for Centrify Identity Service MFA challenges

App Access Service ,  

22 August,16 at 09:38 PM

Applies to: Centrify Identity Service, App Edition



Question:

How long are the various MFA challenges valid for before a user will need to re attempt the MFA challenge from the beginning?

Challenge examples:

User-added image



Answer:

There are different expiration thresholds, depending on the type of challenge used. See the below table for details:
 
ChallengeDuration
PasswordDetermined by Source directory policy
Phone CallWill be attempted only once
Text message (SMS) confirmation code5 Minutes until no longer valid
Email confirmation code5 Minutes until no longer valid
User-defined Security QuestionDetermined by User - remains unchanged unless Question/Answer is updated by user
Third party Authenticator for user added applications (example: Google Authenticator)30 Seconds +/-30 seconds (Max 90 seconds)
OATH OTP: HOTP- Counter+13 codes
TOTP- (period +/-period) max = 3(period).  
 
An Administrator may also choose to modify the "Challenge Pass-Through Duration" option to allow a user to log back in and bypass the MFA challenges, if the User has already satisfied the challenges within the range of the time set here. (ie. If set to 30 minutes, the User will not need to be re-challenged unless more than 30 minutes has passed).



For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or the Customer Support Portal at https://www.centrify.com/support/customer-support-portal/

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7074: Why is Centrify changing IWA, what changes are being made, and how can I ensure IWA continues to work as expected post 16.7? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-7450: Authentication Challenges and how to use them for Radius authentication articleKB-7047: Apps which require "Strong Authentication" do not prompt users for MFA Challenge when launched articleKB-4283: Creating templates to use certificates for authentication with cloud enrolled devices articleKB-9139: MFA for Amazon WorkSpaces using RADIUS with Centrify articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-11071: Logging Into a Windows Machine that is MFA Enabled, the Message is Seen "Unable to load profile: Profile does not exist"