website/docs: add missing docs for #2828

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
goauthentik · May 23, 2022 · 4b96b2b · 4b96b2b
1 parent b7979ad
commit 4b96b2b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md
@@ -21,7 +21,15 @@ Using the `Not configured action`, you can choose what happens when a user does
 By default, authenticator validation is required every time the flow containing this stage is executed. To only change this behavior, set _Last validation threshold_ to a non-zero value. (Requires authentik 2022.5)
 Keep in mind that when using Code-based devices (TOTP, Static and SMS), values lower than `seconds=30` cannot be used, as with the way TOTP devices are saved, there is no exact timestamp.
 
-## Passwordless authentication
+### Less-frequent validation
+
+:::info
+Requires authentik 2022.5.1
+:::
+
+You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set *Last validation threshold* to any non-zero value. Any of the users devices within the selected classes are checked.
+
+### Passwordless authentication
 
 :::info
 Requires authentik 2021.12.4
@@ -37,7 +45,7 @@ As final stage, bind a _User login_ stage.
 
 Users can either access this flow directly via it's URL, or you can modify any Identification stage to add a direct link to this flow.
 
-#### Logging
+### Logging
 
 Logins which used Passwordless authentication have the _auth_method_ context variable set to `auth_webauthn_pwl`, and the device used is saved in the arguments. Example:
 

diff --git a/website/docs/releases/v2022.5.md b/website/docs/releases/v2022.5.md
@@ -22,6 +22,10 @@ slug: "2022.5"
     See [LDAP provider](../providers/ldap.md#cached-bind)
 
 -   OAuth2: Add support for `form_post` response mode
+-   Don't prompt users for MFA when they've authenticated themselves within a time period
+
+    You can now configure any [Authenticator Validation Stage](../flow/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
+
 -   Optimise bundling of web assets
 
     Previous versions had the entire frontend bundled in a single file (per interface). This has been revamped to produce smaller bundle sizes for each interface to improve the loading times.