We are using LDAP for authentication. Our LDAP is set up with an MFA proxy w/ push. We notice we get a lot of denied pushes marked as fraudulent by users that are originating from Vault. The behavior is as follows: user logs into Vault in their web browser; 10-15 minutes later they click another link on the site; the site loads without prompting them to log in again, but they get a push on their phone. Even if they deny the push, their browser session with Vault is not interrupted until it fully times out hours later.
So, it seems the browser is rebinding to LDAP. Is there a way we can change our Vault config so this doesn’t happen?