We are looking to implement ISE/Azure MFA authentication on some network devices for admin auth, which we have successfully gotten to work. But, some users log into these devices multiple times per day.
Is there a way to control or limit the MFA authentication to a certain time period like only once per day? I was thinking about setting a session time during the MFA auth rule, and then check that session time and if its expired then run through MFA again, if its not expired then skip MFA, but I'm not sure if that's possible nor how to use that session time in the auth policy.