This article contains information and solutions to Templafy Desktop MFA prompts being triggered at midnight.
Note: Templafy uses three JWT tokens (the Templafy Desktop Refresh Token, the Add-ins Refresh Token, and the Access Token) to manage authentication and authorization in Templafy.
Depending on the MFA conditions, the re-authentication process will require the user to confirm the authentication attempt, which prevents Templafy Desktop from refreshing the SSO token seamlessly (that is, silently).
Solution 1: Adjust the MFA Conditions
It is recommended to define MFA conditions that do not require user confirmation upon every Templafy authentication request, but rather under specific conditions. This will provide an improved user experience and an uninterrupted workflow.
The specific MFA conditions must be reviewed by your security team, but an example could be:
- MFA challenge when: logging in for the first time (any device, any location); stored for the full session (~8 hours).
- Exception: Using a managed browser from a corporate device (native login) will not trigger an MFA challenge; Templafy Hive uses Edge Chromium (WebView2).
Note: If Microsoft Entra ID is being used as the IdP, Microsoft recommends using modern authentication such as Security Defaults or Conditional Access.
Solution 2: Group Policy – Hibernation Mode
If an MFA prompt is required for every authentication process, it is possible to push a group policy to all users' machines to change the Microsoft power settings.
An example setting could be that after one hour of inactivity, the machine goes into hibernation or sleep mode. By entering this mode, Windows can automatically save all work and close the Templafy Desktop application, thus preventing the authentication request at midnight.
Even though this solution solves the authentication prompts at midnight, it will prevent the SSO process from being seamless.
Solution 3: Disable Automatic Login Flow
Disable the login within Templafy Desktop and make users log in to Templafy when using applications.