Configure your offline authentication policy

With the Offline Authentication policy, you can let users authenticate with ‚ÄčAkamai MFA‚Äč and access their Windows account regardless of their connectivity status, while maintaining a robust defense against unauthorized access. This policy enables offline authentication for the ‚ÄčAkamai MFA‚Äč Windows Logon plugin. You can set the following conditions and permitted methods:

  • In Max attempts, enter the maximum number of allowed offline authentication attempts before the user is temporarily locked out. Value must be a number between 1 and 100. This setting defaults to 3 if unspecified.
  • In Lockout duration, enter the lockout time in seconds before the user can try to authenticate again after reaching max failed attempts. This setting defaults to Never Unlock if unspecified.
    • Select Never Unlock to permanently lock out the user and block any offline authentication attempts made after reaching max failed attempts.
  • In Max days offline, enter the maximum number of consecutive days the user is allowed to authenticate offline before being prompted to authenticate online. This setting defaults to No Limit if unspecified.
    • Select No Limit to let users authenticate offline indefinitely, regardless of how many days have passed since their last successful online authentication.
  • In Max logins, enter the maximum number of consecutive offline logins the user can perform before being prompted to authenticate online. This setting defaults to No Limit if unspecified.
    • Select No Limit to let users authenticate offline indefinitely, regardless of how many times they have logged in offline since their last successful online authentication.
  • TOTP enabled. Select whether TOTP authentication factor is enabled for offline authentication. This factor cannot be disabled when the offline policy is enabled, as it‚Äôs currently the only available offline authentication method.

ūüďė

The following lockout values are applied by default:

Max attempts: 3
Lockout duration: Never Unlock,
Max days offline: No Limit,
Max logins: No Limit.

If you disable the offline authentication subpolicy, your custom policy inherits and applies settings from your global policy. If you disable the offline authentication subpolicy in your global policy, the default values listed above are in effect.

How to

  1. In the ‚ÄčAkamai MFA‚Äč navigation menu, select Policies.

  2. Navigate to the policy that you want to edit and click the policy’s name to display its settings.

  3. Enable the edition of the Offline Authentication subpolicy in the sidebar menu.

  4. In Max attempts, Lockout duration, Max days offline, and Max logins, accept the default values, or provide your own.

  5. Click Save & Deploy.

    This overwrites and saves your newly added offline policy configuration.

This policy requires the ‚ÄčAkamai MFA‚Äč Windows Logon plugin version 3.5.0.0 or later to be installed on the user's workstation. Refer to the Windows logon integration documentation to learn more.