I haven't tried setting it up, but looks like you can do the same on the Two-Factor Authentication Roles page, set the Duration of Trusted Device time