Idea ID: 2835281

Linked chains - Option to extend the grace period if user authenticateswith during this graceperiod

Status : New Idea
9 months ago

Please add another option in the Chains "Advanced Settings" which will extend the grace period (by the same time) if the user authenticate successfully with the simplifyed chain during this grace period.

Example Today:
- Linked chains are configured in the policy
- Chain: PIN & OTP will be simplifyed to OTPonly with a grace period of 2hours

  • 10:00 User authenticates with PIN & OTP - graceperiod will be activated until 12:00
  • 10:05 User locks the system
  • 10:30 User authenticates with simplifyed chain OTPonly
  • 10:55 User locks the system
  • 11:30 User authenticates with simplifyed chain OTPonly
  • 11:55 User locks the system
  • 12:05 Grace period will be reached - moving to MFA Chain
  • 12:05 User authenticates with PIN & OTP - graceperiod will be activated again until 14:00

Attached you may find how it could be shown in the AAF Portal:
- Linked chains are configured in the policy
- Chain: PIN & OTP will be simplifyed to OTPonly with a grace period of 2hours & the new additonal option "increase grace period if authentication happened during grace period time"

  • 10:00 User authenticates with PIN & OTP - graceperiod will be activated until 12:00
  • 10:05 User locks the system
  • 10:30 User authenticates with simplifyed chain OTPonly - graceperiod will be extended until 12:30
  • 10:55 User locks the system
  • 11:30 User authenticates with simplifyed chain OTPonly - graceperiod will be extended until 13:30
  • 11:55 User locks the system
  • 13:30 Grace period will be reached - moving to MFA Chain
  • 13:35 User authenticates with PIN & OTP - graceperiod will be activated again until 15:35

It could looks like this: