Trust My Device
By default, users can mark their browser or device as “trusted” in order to safely bypass the 2FA process for future logins.
With 2FA enabled, the second factor of authentication is required the first time a user logs in. If the user completes this verification process and selects “Trust this device for future logins”, they will not have to complete the 2FA process again for 30 days on that browser or device.
You can customize this lifetime or disable the “trust this device” feature by configuring the authentication.second_factor.trust_device_ttl setting in the Identity Cloud Console.
Tip: ttl stands for “time to live”.
The steps below configure a custom trusted device lifetime for a specific property:
- Navigate to your application in the Identity Cloud Console
- Navigate to MANAGE PROPERTIES
- Click the Actions menu ( ) for your Login Client and select Edit. This will take you to the page for viewing and editing your property.
- Click the EDIT SETTINGS button at the bottom of the Settings section
- Click the Add Setting icon (
). This will add a new line to the bottom of the list. - Type or paste in the new setting name:
authentication.second_factor.trust_device_ttl - Click on the Create authentication.second_factor.trust_device_ttl. popup
- Type in the value for this setting, which is specified in seconds.
Example values:
- To reduce the lifetime to 7 days:
604800 - To set the lifetime back to 30 days:
2592000(or delete this setting) - To disable the trusted device feature:
0- When you disable this feature, the “trust this device” option will not appear to users on the 2FA screen, and users will be required to complete the 2FA process every time they login.
- To reduce the lifetime to 7 days:
- Click the Save icon (
)
It may take a few minutes for your changes to be reflected in Hosted Login after you add or update a setting in Console.