JG-Burke
Brass Contributor
Nov 16, 2023

ID Protection -- CA policy for Sign-in Frequency enabled

On the Security Score dashboard, I have a recommendation:

Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
Description
Forcing a time out for MFA will help ensure that sessions are not kept alive for an indefinite period of time, ensuring that browser sessions are not persistent will help in prevention of drive-by attacks in web browsers, this also prevents creation and saving of session cookies leaving nothing for an attacker to take.

 

The implementation indicates to create a new CA policy; it provides the settings; and provides the minimum number of roles to apply it to.

I created the CA weeks ago and the points were never applied. This still shows as a recommendation.

The implementation status says this:

Setting is: sign in frequency is not yet enabled in the following accounts: "BLOCK - CA003: Block legacy authentication", "BLOCK - Risky Countries and Attackers", "ALL - CA004: Require MFA for all users" and 18 Additional accounts. Please go to "Implementation" tab to view the required steps to enable the setting.

 

#1 -- these are not ACCOUNTS it is listing; they are CA policies.

#2 -- implementation steps indicate to create a NEW CA policy, not edit every existing CA policy.

I am wondering if anyone has been able to get this CA policy to work (apply the points and remove the recommendation)?

  • JG-Burke
    Brass Contributor

    After 2-3 months, the points came through and this is no longer listed as an open recommendation.
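
One way to check exported Conditional Access policies against the two settings the recommendation names, as an added example that is not part of the thread and is not Microsoft's scoring logic. It assumes policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape; the sample policies, the 4-hour value and the choice of required roles are constructed for illustration.

```python
# Directory role template IDs. Which roles the recommendation requires is an
# assumption here; the thread does not list them.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"
SECURITY_ADMIN = "194ae4cb-b126-40b2-bd5b-6091b380977d"
REQUIRED_ROLES = [GLOBAL_ADMIN, SECURITY_ADMIN]

def _session(hours):
    """Constructed sessionControls block: sign-in frequency plus no persistence."""
    return {"signInFrequency": {"isEnabled": True, "type": "hours", "value": hours},
            "persistentBrowser": {"isEnabled": True, "mode": "never"}}

# Constructed sample; only the first display name is quoted from the post.
SAMPLE = [
    {"displayName": "BLOCK - CA003: Block legacy authentication", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "includeRoles": []}},
     "sessionControls": None},
    {"displayName": "ADMIN - session limits (constructed)", "state": "enabled",
     "conditions": {"users": {"includeUsers": [], "includeRoles": [GLOBAL_ADMIN]}},
     "sessionControls": _session(4)},
    {"displayName": "ADMIN - report-only copy (constructed)",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": [], "includeRoles": [SECURITY_ADMIN]}},
     "sessionControls": _session(4)},
]

def has_session_controls(policy):
    """True for an enforced policy with sign-in frequency on and browser persistence off."""
    session = policy.get("sessionControls") or {}
    sif = session.get("signInFrequency") or {}
    pb = session.get("persistentBrowser") or {}
    return (policy.get("state") == "enabled" and bool(sif.get("isEnabled"))
            and bool(pb.get("isEnabled")) and pb.get("mode") == "never")

def covers_role(policy, role_id):
    """True when the policy's user conditions include the role and do not exclude it."""
    users = (policy.get("conditions") or {}).get("users") or {}
    included = (role_id in (users.get("includeRoles") or [])
                or "All" in (users.get("includeUsers") or []))
    return included and role_id not in (users.get("excludeRoles") or [])

def uncovered_roles(policies, required_roles):
    """Required roles that no enforced policy with both session controls applies to."""
    good = [p for p in policies if has_session_controls(p)]
    return sorted(r for r in required_roles
                  if not any(covers_role(p, r) for p in good))

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["displayName"], "->", has_session_controls(p))
    print("roles still uncovered:", uncovered_roles(SAMPLE, REQUIRED_ROLES))
```

In this check a report-only policy does not count as coverage, and unrelated policies such as the legacy-authentication block are ignored rather than reported as gaps.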
