Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
1
Replies

ISE and Azure MFA once during a time period

j656
Level 1
Level 1

‎06-21-2023 04:24 PM

We are looking to implement ISE/Azure MFA authentication on some network devices for admin auth, which we have successfully gotten to work.  But, some users log into these devices multiple times per day. 

Is there a way to control or limit the MFA authentication to a certain time period like only once per day?  I was thinking about setting a session time during the MFA auth rule, and then check that session time and if its expired then run through MFA again, if its not expired then skip MFA, but I'm not sure if that's possible nor how to use that session time in the auth policy.

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎06-23-2023 08:54 PM

@j656 ISE has a passcode caching option for RADIUS token identity sources. This option enables the user to perform more than one auth using the same passcode. The aging time range can be set up to 900 seconds. So, once per day is not possible.

0 Helpful
Customers Also Viewed These Support Documents