Question
Merative
US
Last activity: 13 Aug 2025 16:10 EDT
Pega MFA using OTP - Avoid OTP on every login
Hi Team,
We are planning to enable MFA using One time passoword using Pega OOTB security policy. Is there an option to avoid asking the user to enter OTP on every login? Such as, only ask the user to enter OTP once in a week or once in two weeks?
ai4process ltd
GB
the OOTB MFA using OTP does not natively support configurable OTP frequency like “once per week.” By default, OTP is prompted on every login when MFA is enabled.
However, you can achieve a more flexible experience using one of the following approaches:
1. Custom Token Persistence
-
Store a trusted device token or session cookie after successful OTP validation.
-
On subsequent logins, check for the presence and validity of this token.
-
If valid, bypass OTP prompt for that session or device.
2. Extend Authentication Service
-
Customize the Authentication Service rule to include logic that:
-
Checks last OTP validation timestamp.
-
Skips OTP if within the allowed time window (e.g., 7 days).
-
-
This requires maintaining a property like
.LastOTPValidatedon the operator or session.
3. Use External Identity Provider (IdP)
-
If using SSO with an external IdP (e.g., Azure AD, Okta), configure MFA frequency at the IdP level.
-
Pega will rely on the IdP’s authentication flow, including OTP .
Merative
US
@RaviChandra Thanks, Let me check #1 and #2, and update you.