While logging in through the lock screen, Google Chrome OS can authenticate against a server (online) or using a cached password (offline).
When this policy is set to -2, it will match the value of the login screen offline signin time limit which comes from SAMLOfflineSigninTimeLimit.
When the policy is unset or set to a value of -1, it will not enforce online authentication on the lock screen and will allow the user to use offline authentication unless a different reason than this policy enforces an online authentication.
If the policy is set to a value of 0, online authentication will always be required.
When this policy is set to any other value, it specifies the number of days since the last online authentication after which the user must use online authentication again in the next login through the lock screen.
This policy affects users who authenticated using SAML.
The policy value should be specified in days.