We have a user that is able to bypass the need for entering in their password + MFA token when logging into the Java console. This user is part of a group where MFA is enabled and SSO is disabled for our environment. I'm not sure what the reason for this would be? When the user initially logs in through the Java console, then opens up the web console, their login for some reason persists. So if they close out the Java console after closing out of the web console, they are then able to login to the Java console without the need for entering in their password or token. It seems as though for some reason the login session persists through the web console.
I’m pretty sure this is an additional setting that needs to be modified somewhere, but I’m not exactly sure where this might be?