Use this rule to reduce the likelihood that a user acknowledges a malicious push notification during an MFA fatigue attack, by limiting the number of push notifications the user can deny or ignore within a given time period.
If the number of push notifications the user receives exceeds the defined limit, specify an action from the list of available authentication methods, or choose to deny the user access.
You can define an array of up to three push notification limits (subrules), and specify up to three actions that are triggered sequentially as the user reaches each limit. Select increasingly restrictive actions as the number of push notifications that are ignored or denied increases within the defined time period.
For example, within a 5-minute period:
- After 5 push notifications, the user must authenticate with a security key.
- After 10 push notifications, the user must authenticate using biometrics or number matching (future feature).
- After 15 push notifications, the user is denied access.
By default, only one limit is shown; however, up to three limits can be defined. If you select Deny for the first or second limit action, no further actions can be specified.
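The evaluation logic described above, written here as an added Python example rather than the product's own implementation: it validates the subrule constraints (at most three limits, increasing thresholds, nothing after Deny), counts denied or ignored pushes in a trailing 5-minute window, and returns the action for the highest limit exceeded. The event format, action names and the `>` comparison (matching "exceeds the limit") are assumptions.

```python
# Constructed rule mirroring the 5-minute example in the text; not a real schema.
WINDOW_SECONDS = 300
SUBRULES = [
    (5, "require_security_key"),                 # after 5 ignored/denied pushes
    (10, "require_biometric_or_number_match"),   # after 10
    (15, "deny"),                                # after 15: deny access
]


def validate_subrules(subrules):
    """Enforce the constraints stated in the text: one to three limits,
    strictly increasing thresholds, and no action after a Deny action."""
    if not 1 <= len(subrules) <= 3:
        raise ValueError("between one and three limits must be defined")
    for i, (limit, action) in enumerate(subrules):
        if i > 0 and limit <= subrules[i - 1][0]:
            raise ValueError("limits must increase from one subrule to the next")
        if action == "deny" and i != len(subrules) - 1:
            raise ValueError("no further actions may follow a Deny action")
    return True


def count_unacknowledged(events, now, window=WINDOW_SECONDS):
    """Count pushes the user denied or ignored within the trailing window.
    events: iterable of (unix_timestamp, outcome), outcome in
    {"approved", "denied", "ignored"} (constructed format). Approvals do not count."""
    start = now - window
    return sum(
        1 for ts, outcome in events
        if start < ts <= now and outcome in ("denied", "ignored")
    )


def required_action(events, now, subrules=SUBRULES, window=WINDOW_SECONDS):
    """Return the action for the highest limit the count exceeds, or None
    when no limit has been exceeded (the push flow proceeds normally)."""
    validate_subrules(subrules)
    n = count_unacknowledged(events, now, window)
    action = None
    for limit, act in subrules:       # subrules are ordered, so the last match wins
        if n > limit:
            action = act
    return action
```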