Cached Credentials

By default, the MFA clients locally cache certain authentication methods for faster login times, or in the event your client computer(s) cannot communicate with the MFA server. Should it be required by your organization, it's possible to disable this setting, seen in our Always Online Mode article.

What methods can the client cache?

• Contactless Cards
• Emergency Access
  Emergency Access cannot perform first-time logins. Another method (like a Contactless Card) must be used first in order to pull down the account's info.

• FIDO tokens
• Fingerprints

Troubleshooting

Users can sometimes experience issues signing in with their authentication devices after they enroll a new device (or finger) to their name. While rare and of no fault of the users', this sometimes happens when the client's cached credentials interfere with the new credentials and authentication data.

To learn more about and fix this issue, please see our Remove Cached Credentials From Client or User Removal Tool pages. If you still have difficulties signing in after all of this, please reach out to our Support for further assistance.