JumpCloud Protect will enforce a limit on concurrent push notification attempts per resource to reduce push bombing or MFA fatigue risks. User can re-attempt Push MFA for that resource login after the user has approved or denied the transaction or the push attempt has expired. This applies to user portal login, application access, password reset, and device login. Admins will have the option to turn off or increase the limit of allowed concurrent push notification attempts through an admin console setting with default limit value being 1.
The feature is expected to be on a slow roll out from Apr 11, 2023.
Please check out our blog and Knowledge base article on incorporating additional measures to organization's accounts to increase your security posture.
Blog: https://jumpcloud.com/blog/push-bombing-mfa-fatigue
kb: https://jumpcloud.my.site.com/support/s/article/Configuring-JumpCloud-Protect-for-Administrators
