Use system properties to enable and customize MFA to meet your security requirements.

Table 1. Multi-factor authentication properties
PropertyDescription
Enable Multi-factor authentication (glide.authenticate.multifactor) Option that enables users and administrators to use this feature. The default is enabled. To learn more about this property, see in Instance Security Hardening Settings.
Number of times a user can bypass multi-factor authentication

(glide.authenticate.multifactor.setup.bypass.count)

 Number of times that a user can choose to skip the setup of MFA. Your users can still log in to the instance even if they don't have their mobile device with them. If you disable this feature and then re-enable it, the counter starts over again. The default is 3.
The time in minutes the one-time code sent to user's email address is valid for (glide.multifactor.onetime.code.validity) Number of minutes that the reset code is valid. See Log in with multi-factor authentication. The default is 5.
Note: This property is for email OTP validation time.
Additional time in seconds for which the code is valid to accommodate for the clock skew. The maximum value is 60 seconds. (glide.authenticate.multifactor.clock_skew) Number of additional seconds that the reset code is valid. The maximum is 60. The default is 10.

The instance validates the code entered by the user against the single app-generated code that is generated at the current time. You can skew the time window with this property and allow one or more codes to be generated during a time window to be considered valid.

The property's value is used in the following calculation: current time - X/2 and current time + X/2, where X is the value of this property. If you use the value of 10, for example, the instance considers any codes that the app generates within the time range [the current time - 5 seconds] and [current time + 5 seconds] to be valid.

Use this property to prevent login issues where the user is unable to enter the correct code in the default time allotted.
Enable remember browser feature for multi-factor authentication.

(glide.authenticate.multifactor.remember.browser.enable)

 Set your instance to prompt a user for MFA when they log in from a new device or browser. The default is yes.
Validity of browser fingerprint in hours.

(glide.authenticate.multifactor.browser.fingerprint.validity)

 After MFA remembers the browser, the user is not challenged for MFA in the same browser for this duration. The default is 8 hours.
Maximum number of browsers a user can remember.

(glide.authenticate.multifactor.remembered.browser.max.count)

 The number of browsers MFA remembers for this user.
Default value of remember browser check box in the validate multi-factor page.

(glide.authenticate.multifactor.remember.browser.default)

 Default value of the remember-browser check box in the validate multi-factor page.
Enable web authentication (FIDO2) based MFA. (glide.webauthn.enabled) Option to enable passwordless authentication methods such as hardware key and biometric authentication.
Enable email OTP for Multi-factor authentication (glide.authenticate.multifactor.email.otp.enable Option to enable email based OTP as a factor for MFA.
Enable enhanced multi-factor authentication (MFA) setup UI to allow users to setup the factor independently. glide.auth.mfa.ui.v2.enabled Option to enable MFA factor independently for the users without setting up an authenticator app.