| Flag name | Default | Purpose | Notes |
|---|---|---|---|
| `EnableCAuth` | false | Enables/disables CAuth features, including policy-triggered re-auth prompts. | false = off, true = on |
| `ReauthTimeoutSec` | 30 | How long the re-auth prompt stays open before timing out; on timeout the workstation is locked. | Max allowed is 120 |
| `AuthCooldownSeconds` | 1800 | Minimum time (in seconds) between consecutive CAuth re-auth prompts. | Minimize if tolerate more frequent step‑up prompts |
| `authAttempts` | 8 | TruU PIN lockout threshold (app-level): wrong PIN attempts allowed during TruU re-auth before PIN is locked. | Same flag for standard Pin hammering |
| `timeExpiredFailedAttemptsSec` | 3600 | TruU PIN lockout duration (in seconds) after attempts are exhausted. | Same flag for standard Pin hammering |
Deploy Continuous Authentication
Enable-cauth-application
This guide shows the what to configure for enabling cauth in the installer application.config file and other fields which can be customizable based on customer needs