Skip to main content

We have a user that is able to bypass the need for entering in their password + MFA token when logging into the Java console. This user is part of a group where MFA is enabled and SSO is disabled for our environment. I'm not sure what the reason for this would be? When the user initially logs in through the Java console, then opens up the web console, their login for some reason persists. So if they close out the Java console after closing out of the web console, they are then able to login to the Java console without the need for entering in their password or token. It seems as though for some reason the login session persists through the web console.

 

I’m pretty sure this is an additional setting that needs to be modified somewhere, but I’m not exactly sure where this might be?

Hi @Rehan Bari , does the user retain a session opened within the WebConsole?

It sounds like you are using Modern Authentication and the user is just taking the already available token from an already logged in WebConsole session


Reply