Advanced Certificate on pass

Device Trust and MFA

Control trusted devices, MFA recovery, session termination, biometric token controls, and safe user recovery.

3 lessons · 40 min · 5-question assessment · 80% to pass

What you’ll learn

  • Explain why device trust is part of identity security
  • Terminate risky sessions without disrupting every user
  • Govern biometric and mobile tokens as access credentials
  • Recover users safely after device loss or MFA trouble

Course content

3 lessons · 40 min of reading
Lesson 1 of 3 · Reading · 12 min

Trusted devices and risk

Identity is more than a username and password. The device, browser, location, token, and session all help determine whether an access attempt looks normal or risky.

Trusted devices make daily work easier, but they must still be reviewed. A device that belongs to a departed staff member, a lost phone, or a browser from an unfamiliar location can become a security problem.

In practice, a login from a known laptop that passes MFA is different from a login attempt from a new phone in an unexpected location. The device signal helps security respond proportionally.

Device risk response

| Signal | Risk read | Admin response |
| --- | --- | --- |
| Known device and MFA passed | Normal access pattern | Monitor normally |
| Lost or stolen phone | Active token exposure | Terminate sessions and revoke tokens |
| Departed user device | Stale trusted access | Revoke trust and review account |
| New device in unusual context | Possible compromise or travel | Challenge, verify, or escalate |

Key takeaways

  • Device trust adds context to identity decisions.
  • Trusted devices should still be reviewed over time.
  • Lost or stale devices can become active access risks.
  • Risk signals help admins respond without panic.
Lesson 2 of 3 · Workshop · 14 min

Sessions, termination, and biometric tokens

A session is active access. Terminating a risky session is often the fastest way to stop exposure while keeping the user account intact for review or recovery.

Biometric and mobile tokens should be treated like credentials. They may feel convenient, but they still represent permission to access the system and should be revoked when the device is lost, replaced, or reassigned.

In practice, when a sales phone is stolen, the admin should terminate active sessions, revoke mobile or biometric tokens, review recent activity, and help the user re-enrol from a safe device.
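The stolen-phone response above, sketched as an added example (not AWRA's code or API): the `Tenant` store, `Credential` records and sample data are hypothetical and constructed here. It cuts off only the lost device's sessions and tokens, keeps the account enabled for re-enrolment, and records every action for later review.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Credential:            # a session or a mobile/biometric token bound to a device
    cred_id: str
    kind: str                # "session", "mobile_token" or "biometric_token"
    user: str
    device_id: str
    active: bool = True

@dataclass
class Tenant:                # hypothetical in-memory stand-in for an identity store
    enabled_users: set
    trusted_devices: dict    # device_id -> owning user
    credentials: list
    audit: list = field(default_factory=list)

    def _log(self, admin, action, target):
        self.audit.append({"at": datetime.now(timezone.utc).isoformat(),
                           "admin": admin, "action": action, "target": target})

    def respond_to_lost_device(self, admin, user, device_id):
        """Cut off one device's access; leave the account and other devices alone."""
        if self.trusted_devices.get(device_id) != user:
            raise ValueError(f"{device_id} is not a trusted device of {user}")
        for cred in self.credentials:
            if cred.device_id == device_id and cred.active:
                cred.active = False
                verb = "terminate" if cred.kind == "session" else "revoke"
                self._log(admin, f"{verb}_{cred.kind}", cred.cred_id)
        del self.trusted_devices[device_id]
        self._log(admin, "revoke_device_trust", device_id)
        # The account stays enabled: the user re-enrols from a safe device afterwards.
        return [c.cred_id for c in self.credentials if c.device_id == device_id]

def build_sample():          # constructed sample data, not real accounts
    return Tenant(
        enabled_users={"sam", "lee"},
        trusted_devices={"sam-phone": "sam", "sam-laptop": "sam", "lee-phone": "lee"},
        credentials=[
            Credential("s1", "session", "sam", "sam-phone"),
            Credential("t1", "biometric_token", "sam", "sam-phone"),
            Credential("s2", "session", "sam", "sam-laptop"),
            Credential("s3", "session", "lee", "lee-phone"),
        ])
```

The audit list is what the admin reads back when reviewing recent activity on the device.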

Key takeaways

  • Session termination can stop active access quickly.
  • Token revocation is different from deleting the user account.
  • Biometric tokens should be governed as credentials.
  • Lost devices require access review and activity checks.
Lesson 3 of 3 · Practice · 14 min

Recovery without weakening security

User recovery is where security often becomes fragile. A real user may be locked out, but an attacker may also be trying to bypass MFA through a support request.

Safe recovery verifies identity, checks recent device and session history, applies the minimum reset needed, and leaves evidence. Recovery should restore access without quietly removing every control.

In practice, if a manager replaces a phone, the admin can revoke the old token, confirm the manager through a trusted channel, reset MFA enrolment, and require the new device to complete the normal challenge.

Key takeaways

  • Recovery requests need identity verification.
  • Admins should review session and device history before reset.
  • Use the minimum reset needed to restore access.
  • Recovery actions should leave an audit trail.
