Mechanisms exist to force users and devices to re-authenticate according to organization-defined circumstances that necessitate re-authentication.