VIP Auth Hub - Remember device not working as expected
Article ID: 280090
Updated On:
Products
VIP Authentication Hub
Issue/Introduction
We configured the Remember device in VIP AuthHub but the users keep getting the secondary factor even after the remember device is enabled.
Environment
VIP Authentication Hub
Release : 2.2.3
Resolution
As a tenant admin, when you perform activities that deal with sensitive information such as editing user PII data or performing banking transactions, you are required to perform multi-factor authentications to ensure that this sensitive information is only accessed by you, and is secured. Most often, to perform these activities, you use the same set of devices like your personal mobile phone, tablet, or home computer. Therefore, you can use the trusted devices functionality to designate the most commonly used device or a handful of devices as trusted, which will allow you to log in to the protected resource by performing only the first factor of authentication and skipping other factors in all subsequent logins.
Trusted Device functionality is supported in SignIn UI, Sample app, and Mobile (Hedmoral -Android & iOS) applications.
Note the following:
-
"TrustedDevices" only applies to Multi-Factor Authentication scenarios. You are advised not to use trusted devices for sensitive applications.
-
If there are multiple policies that are assigned to an application that has both “mfaFrequency”: “OnceForTrustedDevice” and “mfaFrequency”: “EveryTime” configured, then the latter takes precedence over the former and the user is obliged to authenticate all the factors.
- The "Remember This Device" option gets cleared off from the UI and the login device is treated as a new device and not a trusted device when:
-
the device has not been used for the period that has been configured in the "trustedDeviceExpiryDays" parameter.
- you clear the device-tag cookie from the browser that you have used to authenticate.
In both these cases, you need to select the "Remember This Device" checkbox in the UI once again.
-
-
If multiple authentication factors are configured for your authentication flow, then the "Remember This Device" option is displayed only before authenticating the last factor. For example, if you have factors in this order, Password>SMSOTP, then the "Remember This Device" checkbox gets displayed only before the SMSOTP authentication.
Please make sure that the Trusted Device feature is ON in Admin console.
Note: If IARISK is enabled, please make sure that the Device Recongnition is enabled in the Risk rules. If not then enable it using the Update Risk Rules API.
Feedback
Yes
No
Powered by
