Configuring the cooldown period

This article explains how to configure the cooldown period.

You need to configure the following elements:

  • The cooldown period itself. If a cooldown period is configured, all steps involving end-user authentication or action approval with the Airlock 2FA device respect this cooldown period by default. In this case, a newly enrolled 2FA device can be used neither for authentication nor for transaction approval during the specified period. (In setups without a specified cooldown period, newly enrolled 2FA devices are active directly after registration, as usual.)
  • If required, it is possible to exclude specific low-risk steps from the cooldown period. The end-user will then be able to perform these steps during the cooldown period with the new device. For example, you may want to allow approval of low-value transactions or authentication to unexposed low-risk applications. Excluding a step from the cooldown period can be done directly on the corresponding Step plugin.

Be careful with excluding steps from the cooldown period. In particular, transactions concerning sensitive data or higher amounts of money should not be possible if you want the cooldown period measure to be effective and useful.

Setting the cooldown period

The cooldown period is defined in the general Airlock 2FA settings.

Proceed as follows:

  1. Go to Main Settings >> Authentication Settings >> Airlock 2FA Settings.
  2. In section Advanced Settings, property Cooldown Period, set the cooldown period. The format is days (d) hours (h) minutes (m) seconds (s), for instance: 2d 3h 4m 5s. You can omit any part. Example value: 12h.
  3. Airlock IAM allows defining conditions that must be fulfilled in order to start a step. If you have set the conditional plugin Has Suitable Airlock 2FA Device before an authentication or approval step involving Airlock 2FA, ensure that the plugin's property Respect Cooldown Period is enabled (this is the default).
  4. Activate your configuration.

You have now configured a cooldown period for newly-registered Airlock 2FA devices. This cooldown period will be respected by default by all steps involving end-user authentication or action approval with the Airlock 2FA device.

Excluding steps from the cooldown period

If a cooldown period is configured, all plugins involving authentication or approval with Airlock 2FA respect the cooldown period by default.

This includes the following Step plugins:

  • Airlock 2FA Authentication Step
  • Airlock 2FA Mobile Only Authentication Step
  • Airlock 2FA Usernameless Authentication Step
  • Airlock 2FA Public Self-Service Approval Step
  • Airlock 2FA Self-Service Approval Step
  • Airlock 2FA Transaction Approval Step

To exclude one of these Step plugins from the cooldown period, you must disable the Respect Cooldown Period property. This property is available directly in the Step plugin, in the Advanced Settings section.

Proceed as follows:

  1. Decide which steps the newly enrolled 2FA device will be allowed to perform during the cooldown period.
  2. Find the corresponding authentication or approval flow. Within the flow, go to the relevant plugin (one of the Step plugins listed previously). To find the flow and/or plugin, you can use the Config Editor's Search function.
  3. In section Advanced Settings of the step dialog, disable the Respect Cooldown Period property.
  4. If you have set the conditional plugin Has Suitable Airlock 2FA Device before the step, ensure that the conditional plugin's property Respect Cooldown Period is disabled, too.
  5. Repeat the above for all steps you want to exclude.
  6. Activate your configuration.

You have now excluded one or more steps from the cooldown period for newly-registered Airlock 2FA devices.

To allow the newly enrolled 2FA device to be used during the cooldown period for low-value transactions only, you need to set up two transaction approval flows: one for low-value transactions up to a specified amount, and the other for all transactions with a value higher than the specified amount. Disable the Respect Cooldown Period property only on the approval flow for the low-value transactions.

Also, ensure that your system automatically selects the right flow during the transaction process, based on the transaction amount.
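The expected outcome of such a two-flow setup can be modelled and checked before activation. The following is an added example, not Airlock IAM code or its API: the flow labels, the threshold value, the accepted spacing between duration parts and the exact end of the cooldown window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from decimal import Decimal

# Format described in the article: "2d 3h 4m 5s", any part may be omitted.
# Assumption: parts appear in d, h, m, s order, separated by optional spaces.
_COOLDOWN_RE = re.compile(r"(?:(\d+)d)?\s*(?:(\d+)h)?\s*(?:(\d+)m)?\s*(?:(\d+)s)?")

# Hypothetical flow labels. Respect Cooldown Period is disabled only on the
# low-value flow, as the article recommends.
RESPECT_COOLDOWN = {"low-value": False, "high-value": True}


def parse_cooldown(value: str) -> timedelta:
    """Parse a cooldown string such as '12h' or '2d 3h 4m 5s'."""
    match = _COOLDOWN_RE.fullmatch(value.strip())
    if match is None or not any(match.groups()):
        raise ValueError(f"invalid cooldown period: {value!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def select_flow(amount: Decimal, threshold: Decimal) -> str:
    """Low-value flow covers amounts up to and including the threshold."""
    return "low-value" if amount <= threshold else "high-value"


def may_approve(amount, threshold, enrolled_at, cooldown, now):
    """Return (flow, allowed) for an approval attempt with a new device."""
    flow = select_flow(amount, threshold)
    # Assumption: the device becomes usable exactly when the period has elapsed.
    cooling_down = now < enrolled_at + cooldown
    return flow, not (RESPECT_COOLDOWN[flow] and cooling_down)


if __name__ == "__main__":
    # Constructed sample data: device enrolled at 08:00 UTC, 12h cooldown.
    enrolled = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
    cooldown = parse_cooldown("12h")
    limit = Decimal("100.00")  # hypothetical low-value threshold
    for amount in ("50.00", "100.00", "100.01"):
        for hours in (1, 13):
            now = enrolled + timedelta(hours=hours)
            print(amount, f"+{hours}h", may_approve(Decimal(amount), limit, enrolled, cooldown, now))
```

Amounts are compared as Decimal so that a value exactly at the threshold is routed to the low-value flow without floating-point surprises.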

For more information on the configuration of transaction approval flows, see Transaction Approval Configuration.