Unfinished 2FA sessions

Suppose you show up at an Identity Cloud website, you log on, and you get a 2FA screen similar to this:

However, before you enter your access code, you navigate to another site. What happens when you return to the Identity Cloud website? Do you have to start the login process all over again?

Maybe: it depends on how long you were gone and how long Hosted Login sessions last on the site (by default, that’s 24 hours). For now, we’ll assume that you’ve only been gone for 20 minutes or so. When you return, Hosted Login recognizes that you still have a valid session (after all, you were successfully authenticated), so it skips the login screen, sends you an access code, and immediately takes you back to the Access Code Required screen:

Enter your most-recently received access code, and you’ll be fully logged on, just like that.


OK, yes, there are other factors – such as the prompt parameter – that can play a role here. But, for now, we’ll keep the focus on the more common way of configuring Hosted Login and a Hosted Login authorization request.