MFA Remember Me

The University of Regina MFA implementation includes a "Remember Me" function which is similar to the "remember my computer" or "keep me logged in" options users are accustomed to seeing during primary authentication on many websites.

This feature is designed to reduce the number of MFA prompts you will receive in that web browser for the next 7 days.

With the remembered devices feature enabled, the user is offered a "Remember me for ..." checkbox during login. When users check this box, they aren't challenged for secondary MFA authentication again when they log in to that application from that device for the specified period of time (7 days).

How to Use Remember Me:

When logging into an application, and you are presented with a MFA screen, if the "Remember me" function is available for this application, you will see a "Remember me for 7 days" check box, as circled in red, below:

7days.png

Checking this box will remember the web browser for 7 days, and MFA prompts will not be required on this application from within the same web browser for 7 days.

This applies only to the computer and browser that you are currently using. If you check the box on your work computer, your home computer won't remember you.

Additionally, if you change web browsers on the same computer, use private browsing mode (such as Incognito) or clear your cookies in the web browser, you will be required to authenticate again with MFA as the remember me functionality is specific to a web browser on a specific device, and uses cookies.

Note: You should be prepared to authenticate with MFA with any login. "Remember me" functionality is done for convenience only. Please ensure you have your device handy to use with MFA in the event "Remember me" has forgotten you!

Note: You can check "Remember Me" on any computer that you use regularly and that you trust. Don't use the "Remember me" function on a public or shared computer!

Settings Required to use Remember Me:

To take advantage of the remember me functionality, ensure that that you have set up Duo MFA to "Ask me to Choose an Authentication Mechanism". This option will allow you to take advantage of the remember me functionality.

If you have selected "Automatically send this device a Duo Push" it will not allow users to take advantage of remember me, and may result in a larger number of MFA authentication requests overall.

If your device automatically receives a Duo Mobile push notification at login, you must disable this function temporarily in order to view and click the checkbox. To temporarily disable an automatic push, when the MFA screen appears click the blue "Cancel" button in the bottom right. Click the "Remember me for 7 days" checkbox, then click the "Send Me a Push" button to complete your login.

Availability of Remember Me:

"Remember me" functionality is supported on SAML and CAS applications (web based applications). Applications which use thick clients or LDAP authentication do not support "Remember Me" functionality.  Additionally, certain high security applications may not have this functionality enabled, which will require MFA to be used on each authentication.

The "Remember Me" functionality works on an application by application basis. This means that remember me functionality applies to each individual MFA enabled service. Subsequent access of the same application will not require MFA after the first authentication, but if a user accesses a different application protected by the MFA, then the user will have to approve a MFA login request again for the second application for the life of that session (7 days).