Change the authentication frequency
If the MFA lifetime is shorter than your session expiration length, users with active sessions don't authenticate when their MFA expires.
HealthInsight task recommendation
In your Okta sign-on policy or app sign-on policy, shorten the amount of time that a user can be idle. Require users to provide MFA every time they sign in.
To increase the authentication frequency for all resources, configure these conditions in your Okta sign-on policy:
To increase the authentication frequency for specific apps, create an app sign-on policy with your desired session length and MFA lifetimes.
Session times aligned with the MFA lifetime that you configure. Users authenticate more frequently.
Increase authentication frequency for all resources
In the Admin Console, go to .
Select the policy that you want to edit.
In the Rules table, locate the rule that you want to edit and make these updates:
Users will be prompted for MFA: At every sign-in attempt
Maximum Okta session lifetime: Set time limit in days, hours, or minutes
Click Update Rule.
Increase authentication frequency for specific resources
For Prompt for re-authentication frequency is, select Every sign-in attempt.