@RWarman, thank you for reaching out. Yes, you are correct: every time the user closes the app and reopens it, he would have to provide the app password or provide the 2FA code, attend the 2FA call, etc. The main reason behind this is that once you perform the 2FA, that detail gets written to the token which is issued by AAD and consumed by the app. Usually this token is valid for 1 hr and, in a general scenario, the app is responsible for getting another token silently in the backend. Hence, if a user keeps on using the app for more than an hour, the app itself would go on fetching the tokens silently in the backend, and in this case the 2FA would only come up during the first attempt while logging into the app. But if the app is closed, the session gets destroyed, and hence the next time the app is accessed, it's a fresh new login and hence 2FA again.
Having said that, there are ways (but only applicable for browser apps) where the admin can set up that the 2FA won't be asked of the user for a certain number of days once he logs in using 2FA. And again, yes, this is a step in the SSO process.
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
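The behaviour described in the answer above, as an added example that is not part of the original reply or any Microsoft code: a simplified model that inspects a cached token and decides whether the user would see a 2FA prompt. It assumes the 2FA detail appears as `"mfa"` in the token's `amr` claim; the token, the user name and the `next_step` helper are constructed for illustration.

```python
import base64
import json


def b64url(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(jwt):
    """Decode the JWT payload for inspection only (no signature validation)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def next_step(cached_jwt, now):
    """Simplified model: what the app does on its next token request.

    cached_jwt is None when the app was closed and its session destroyed.
    A real client renews with a refresh token; that detail is left out here.
    """
    if cached_jwt is None:
        return "interactive sign-in (2FA prompt)"
    claims = decode_claims(cached_jwt)
    if "mfa" not in claims.get("amr", []):  # assumption: 2FA is recorded in amr
        return "interactive sign-in (2FA prompt)"
    if now < claims["exp"]:
        return "use cached token"
    return "silent renewal (no prompt)"


# Constructed sample token: issued at ISSUED, valid for one hour, 2FA recorded.
ISSUED = 1_700_000_000
SAMPLE = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"sub": "user@example.com", "amr": ["pwd", "mfa"],
            "iat": ISSUED, "exp": ISSUED + 3600}),
    "constructed-signature-placeholder",
])

if __name__ == "__main__":
    print(next_step(SAMPLE, ISSUED + 600))    # app open, token still valid
    print(next_step(SAMPLE, ISSUED + 4000))   # app open for more than an hour
    print(next_step(None, ISSUED + 4000))     # app closed and reopened
```
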