Description
The ATO have made a change to the requirements for Multi-Factor Authentication for users who can access sensitive payee information (Mandatory MFA Users). Currently where an Agency has assigned the policy that ‘Remember Me' for 30 days can be utilised, users that access sensitive payee information must use MFA, however they can select to have their MFA credentials stored for 30 days.
...
On login, the ‘Remember Me’ prompt will still display allowing the user to tick ‘30 days’, however, the user’s credentials will only be stored for a period of 24 hours.
Benefits
This change ensure that FastTrack360 complies with ATO requirements for protection of sensitive payee information.
Configuration
No new configuration is required, however where you have applied the Password Policy, Remember Me setting for ‘30 Days’ and you have a large volume of users that access Australian Payee sensitive information, we strongly recommend that you change this setting to the ‘Daily to midnight’ option.
...