Setting up Multifactor Authentication with an Inactivity Time Out
You can set Multifactor Authentication so that it times out after a specified period of inactivity. The timeout value for an MFA session is set in minutes. The default is 0, meaning no timeout.
Note
MFA timeout only applies to new processes. Once a process, like Bash, for example, is MFA-authenticated, it does not time out. Additionally, when a timeout value changes, all MFA-authenticated processes remain authenticated. The timeout change does not affect them.