Configurable MFA duration

18 October 2023

zli v. 6.34.10


  • SSH and shell connections. This version of the zli introduces a small change to how the service manages SSH and shell connections with LevelDB. There is no visible change to the user.
  • Passwordless database access (SplitCert & service account injection). This release of the zli contains the changes necessary to support the passwordless database UX improvements.
  • Multiple web target connections. The zli now supports multiple web target connections.

Web app & backend


  • Admin-specified duration for BastionZero MFA. For organizations who have global MFA enabled, administrators can now specify how frequently users will need to provide MFA to BastionZero. The duration can be as short as 1 hour and as much as 1 week (168 hours). Any changes take effect immediately and will be enforced at the user's next MFA refresh. Administrators can modify the MFA duration underneath "Security" in the web app or via API.
  • Passwordless database access (SplitCert & service account injection). This release of the web app contains new fields when creating a passwordless database target that enable the admin to specify which authentication protocol and database type their target uses. For service account injection, BastionZero will prepend the protocol prefix by default based on the database type chosen. These new fields are also reflected in our API.


  • Premature web app logout. Resolved an issue with premature logout from the web app due to a race condition in the OIDC refresh process. This may have occurred to users associated with Google, OneLogin, Okta, and Keycloak organizations.
  • Frequent logout with Google organizations. Resolved an issue with refreshing the id token for Google organizations when a user was signed in to more than one Google account.
  • [Released 5 October] Download the zli from the onboarding tool. Resolved an issue with the zli download link from the onboarding tool in the web app.
For questions or to provide feedback on how we can improve our updates, reach out to [email protected].