Device Auth: Snooze and User Experience Improvements
Note: check snooze is only available for organizations using our Device Trust for Okta solution
In this Changelog, weâre going over two updates to our UI that streamline authentication for end users. In the first, weâve made our âsnooze buttonâ easier to locate and use. In the second, weâve reduced the frequency users will encounter the âwarningâ screen while authenticating. Both these improvements are in response to customer feedback, so thanks for sharing your experiences, and keep âem coming!
Snooze a single blocking Check
Earlier this year, we introduced snoozing for checks, allowing users to authenticate for 8 hours even if they are failing a check. (The idea being that itâs too disruptive not to give users an escape hatch if theyâre running late to a meeting.) After we rolled out snoozing, we received some user feedback that the snooze button was a bit hard to find. In light of that, weâve changed the UI to put the snooze button front-and-center when there is a single issue blocking authentication.
We only allow this snooze functionality when there is a single blocking check which is configured as snoozeable. There are two reasons we restrict snoozing to a single blocking check at a time:
- Itâs bad security practice for a user to snooze multiple checks at once, and increases the likelihood the user will over-rely on the snooze feature.
- Not all blocking checks are snoozeable. Kolide admins can decide certain checks are too urgent to allow for snoozing, so we canât bundle those with checks that can be snoozed.
Only warn a user once every 24 hours
Weâve also changed how often we display our warning page in the event a user is failing a blocking check, but is still within its grace period. With this change, Kolide only warns the user of an issue once every 24 hours, instead of during every authentication flow.
In addition to this expedited authentication flow, weâve made sure to log when a user has seen the warning screen, so that Kolide admins have full visibility into the authentication processes that make up their fleet.