Network Authentication for Zero Trust Access

In addition to any other authentication requirements you configure, you can require end users to re-authenticate themselves at an interval that you choose before they can connect to private resources using Zero Trust Access.

End users need to sign in only once during the interval you specify; after signing in, users can connect to any private resources that are enabled for Zero Trust Access, when rules allow access. When the interval ends, users must sign in again to regain Zero Trust Access to allowed private resources for the specified period of time.

You will want to balance security needs with end-user convenience. For example, for most applications, you may want to require that users re-authenticate about once per day, while for sensitive applications, you may want to require re-authentication as often as hourly.

The interval specified on the Rule Defaults page is used by default for all new private access rules. To set or change the default interval, see Important Information About Changing Rule Defaults and Edit Rule Defaults and Global Settings.

For each private access rule that includes at least one private resource as a destination, you can choose to use the default interval or specify a different interval. See Add a Private Access Rule.

These authentication options are in addition to any sign-in requirements required by mechanisms outside of Secure Access, such as those required to access individual resources.

If you disable this authentication option, users are never prompted to sign in again after they have authenticated once.

Comparison of Client-Based and Browser-Based Zero Trust Access Connections< Network Authentication for Zero Trust Access > Manage the Access Policy