You can ensure that a user performs an MFA within a specified time.
MFA lifetime
When you use an access policy with the refresh token flow, the
MFA lifetime condition can be used to ensure that a user performs MFA within a specified time
period. When they refresh their access token, a challenge for MFA is returned. However, the access
token that is issued remains valid after the MFA period expires. It expires when the access token
lifetime is reached. The MFA validity lifetimes are evaluated only when the refresh token flow is
performed.