Authentication

Applicability

This rule can be applied to Resource Policies or Minimum Authentication Requirements. The Admin Console’s authentication policy cannot be edited.

Functionality

This rule sets how often users must re-authenticate. For example, if a Resource has an authentication rule set at 6 hours and a user attempts to access it without having authenticated in the past 6 hours, they will be prompted to authenticate.

Note that we cannot control how your identity provider handles this authentication, and some providers may not require a user to reenter their password or provide any other credentials. If it is important that your users actively re-authenticate within each authentication session period, we recommend that you configure your IdP to require passwords every time a user authenticates.

If a user has authenticated within the time window, they will not need to re-authenticate, even against a different Security Policy. For example, if the Minimum Authentication Requirement is 1 day and a Resource Policy is set to 6 hours, a user who logs in and then tries to access the Resource will not be required to authenticate twice, but will be prompted if they try to access it more than 6 hours after sign-in.
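The window check described above, modelled as an added example (not the product's own code): it replays a constructed timeline against the 1 day and 6 hour windows from the text. It assumes a single last-authentication timestamp is shared by every policy, that a prompted user re-authenticates immediately, and that a prompt occurs only when more than the full window has elapsed; the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Windows taken from the example in the text.
MINIMUM_AUTH = timedelta(days=1)      # Minimum Authentication Requirement
RESOURCE_POLICY = timedelta(hours=6)  # Resource Policy


def needs_reauth(last_auth, now, window):
    """True when the most recent authentication is older than the window.

    Assumption: exactly `window` elapsed does not prompt ("more than 6 hours").
    """
    return now - last_auth > window


def replay(sign_in, attempts):
    """Replay (time, window) access attempts in order.

    One last-authentication timestamp is shared by all policies (assumption
    drawn from "even against a different Security Policy"). Returns one
    boolean per attempt: whether that attempt triggered a prompt.
    """
    last_auth = sign_in
    prompted = []
    for when, window in attempts:
        prompt = needs_reauth(last_auth, when, window)
        if prompt:
            # Assumption: the user completes the prompt immediately,
            # which resets the clock for every policy, not just this one.
            last_auth = when
        prompted.append(prompt)
    return prompted


def demo():
    """Constructed timeline; hours are measured from the initial sign-in."""
    t0 = datetime(2024, 1, 1, 9, 0)

    def at(hours):
        return t0 + timedelta(hours=hours)

    return replay(t0, [
        (at(2), RESOURCE_POLICY),   # inside 6 h of sign-in: no prompt
        (at(7), RESOURCE_POLICY),   # more than 6 h after sign-in: prompt
        (at(12), RESOURCE_POLICY),  # 5 h after the re-auth at 7 h: no prompt
        (at(25), MINIMUM_AUTH),     # 18 h after the re-auth at 7 h: no prompt
        (at(32), MINIMUM_AUTH),     # 25 h after the re-auth at 7 h: prompt
    ])


if __name__ == "__main__":
    print(demo())
```

In this model the attempt at hour 25 does not prompt even though sign-in was more than a day earlier, because the re-authentication at hour 7 also satisfies the 1 day requirement.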
