diff --git a/cypress/integration/user_fed_kerberos_test.spec.ts b/cypress/integration/user_fed_kerberos_test.spec.ts
index 8c9f0b5129..2bb07862b0 100644
--- a/cypress/integration/user_fed_kerberos_test.spec.ts
+++ b/cypress/integration/user_fed_kerberos_test.spec.ts
@@ -31,13 +31,18 @@ const secondKerberosPrincipal = `${kerberosPrincipal}-2`;
 const secondKerberosKeytab = `${kerberosKeytab}-2`;
 
 const defaultPolicy = "DEFAULT";
-const newPolicy = "EVICT_WEEKLY";
+const weeklyPolicy = "EVICT_WEEKLY";
+const dailyPolicy = "EVICT_DAILY";
+const lifespanPolicy = "MAX_LIFESPAN";
+const noCachePolicy = "NO_CACHE";
+
 const defaultKerberosDay = "Sunday";
 const defaultKerberosHour = "00";
 const defaultKerberosMinute = "00";
 const newKerberosDay = "Wednesday";
 const newKerberosHour = "15";
 const newKerberosMinute = "55";
+const maxLifespan = "60000";
 
 const addProviderMenu = "Add new provider";
 const createdSuccessMessage = "User federation provider successfully created";
@@ -55,7 +60,7 @@ describe("User Fed Kerberos tests", () => {
     sidebarPage.goToUserFederation();
   });
 
-  it("Create Kerberos provider from empty state", () => {
+  it("Should create Kerberos provider from empty state", () => {
     // if tests don't start at empty state, e.g. user has providers configured locally,
     // create a new card from the card view instead
     cy.get("body").then(($body) => {
@@ -77,9 +82,54 @@ describe("User Fed Kerberos tests", () => {
     sidebarPage.goToUserFederation();
   });
 
-  it("Update an existing Kerberos provider and save", () => {
+  it("Should enable debug, password authentication, and first login", () => {
     providersPage.clickExistingCard(firstKerberosName);
-    providersPage.selectCacheType(newPolicy);
+    providersPage.toggleSwitch(providersPage.debugSwitch);
+    providersPage.toggleSwitch(providersPage.passwordAuthSwitch);
+    providersPage.toggleSwitch(providersPage.firstLoginSwitch);
+
+    providersPage.save(provider);
+    masthead.checkNotificationMessage(savedSuccessMessage);
+
+    sidebarPage.goToUserFederation();
+    providersPage.clickExistingCard(firstKerberosName);
+
+    providersPage.verifyToggle(providersPage.debugSwitch, "on");
+    providersPage.verifyToggle(providersPage.passwordAuthSwitch, "on");
+    providersPage.verifyToggle(providersPage.firstLoginSwitch, "on");
+  });
+
+  it("Should set cache policy to evict_daily", () => {
+    providersPage.clickExistingCard(firstKerberosName);
+    providersPage.selectCacheType(dailyPolicy);
+    providersPage.changeCacheTime("hour", newKerberosHour);
+    providersPage.changeCacheTime("minute", newKerberosMinute);
+    providersPage.save(provider);
+
+    masthead.checkNotificationMessage(savedSuccessMessage);
+    sidebarPage.goToUserFederation();
+    providersPage.clickExistingCard(firstKerberosName);
+
+    expect(cy.contains(dailyPolicy).should("exist"));
+    expect(cy.contains(defaultPolicy).should("not.exist"));
+  });
+
+  it("Should set cache policy to default", () => {
+    providersPage.clickExistingCard(firstKerberosName);
+    providersPage.selectCacheType(defaultPolicy);
+    providersPage.save(provider);
+
+    masthead.checkNotificationMessage(savedSuccessMessage);
+    sidebarPage.goToUserFederation();
+    providersPage.clickExistingCard(firstKerberosName);
+
+    expect(cy.contains(defaultPolicy).should("exist"));
+    expect(cy.contains(dailyPolicy).should("not.exist"));
+  });
+
+  it("Should set cache policy to evict_weekly", () => {
+    providersPage.clickExistingCard(firstKerberosName);
+    providersPage.selectCacheType(weeklyPolicy);
     providersPage.changeCacheTime("day", newKerberosDay);
     providersPage.changeCacheTime("hour", newKerberosHour);
     providersPage.changeCacheTime("minute", newKerberosMinute);
@@ -89,28 +139,54 @@ describe("User Fed Kerberos tests", () => {
     sidebarPage.goToUserFederation();
     providersPage.clickExistingCard(firstKerberosName);
 
-    expect(cy.contains(newPolicy).should("exist"));
+    expect(cy.contains(weeklyPolicy).should("exist"));
     expect(cy.contains(defaultPolicy).should("not.exist"));
   });
 
-  it("Change existing Kerberos provider and click button to cancel", () => {
+  it("Should edit existing Kerberos provider and cancel", () => {
     providersPage.clickExistingCard(firstKerberosName);
-    providersPage.selectCacheType(newPolicy);
+    providersPage.selectCacheType(weeklyPolicy);
 
     providersPage.changeCacheTime("day", defaultKerberosDay);
     providersPage.changeCacheTime("hour", defaultKerberosHour);
     providersPage.changeCacheTime("minute", defaultKerberosMinute);
 
     providersPage.cancel(provider);
-    cy.wait(1000);
 
     providersPage.clickExistingCard(firstKerberosName);
-    providersPage.selectCacheType(newPolicy);
+    providersPage.selectCacheType(weeklyPolicy);
 
     providersPage.verifyChangedHourInput(newKerberosHour, defaultKerberosHour);
     sidebarPage.goToUserFederation();
   });
 
+  it("Should set cache policy to max_lifespan", () => {
+    providersPage.clickExistingCard(firstKerberosName);
+    providersPage.selectCacheType(lifespanPolicy);
+    providersPage.fillMaxLifespanData(maxLifespan);
+    providersPage.save(provider);
+
+    masthead.checkNotificationMessage(savedSuccessMessage);
+    sidebarPage.goToUserFederation();
+    providersPage.clickExistingCard(firstKerberosName);
+
+    expect(cy.contains(lifespanPolicy).should("exist"));
+    expect(cy.contains(weeklyPolicy).should("not.exist"));
+  });
+
+  it("Should set cache policy to no_cache", () => {
+    providersPage.clickExistingCard(firstKerberosName);
+    providersPage.selectCacheType(noCachePolicy);
+    providersPage.save(provider);
+
+    masthead.checkNotificationMessage(savedSuccessMessage);
+    sidebarPage.goToUserFederation();
+    providersPage.clickExistingCard(firstKerberosName);
+
+    expect(cy.contains(noCachePolicy).should("exist"));
+    expect(cy.contains(lifespanPolicy).should("not.exist"));
+  });
+
   it("Disable an existing Kerberos provider", () => {
     providersPage.clickExistingCard(firstKerberosName);
     providersPage.disableEnabledSwitch(initCapProvider);
diff --git a/cypress/support/pages/admin_console/manage/providers/ProviderPage.ts b/cypress/support/pages/admin_console/manage/providers/ProviderPage.ts
index 3dfb6cf8f9..800758650f 100644
--- a/cypress/support/pages/admin_console/manage/providers/ProviderPage.ts
+++ b/cypress/support/pages/admin_console/manage/providers/ProviderPage.ts
@@ -48,7 +48,7 @@ export default class ProviderPage {
   private ldapGroupsDnInput = "groups.dn";
   private ldapRolesDnInput = "roles.dn";
 
-  // mapper types
+  // Mapper types
   private msadUserAcctMapper = "msad-user-account-control-mapper";
   private msadLdsUserAcctMapper = "msad-lds-user-account-control-mapper";
   private userAttLdapMapper = "user-attribute-ldap-mapper";
@@ -70,6 +70,13 @@ export default class ProviderPage {
   private groupName = "aa-uf-mappers-group";
   private clientName = "aa-uf-mappers-client";
 
+  private maxLifespan = "kerberos-cache-lifespan";
+
+  // Kerberos settings switch input values
+  debugSwitch = "debug";
+  firstLoginSwitch = "update-first-login";
+  passwordAuthSwitch = "allow-password-authentication";
+
   changeCacheTime(unit: string, time: string) {
     switch (unit) {
       case "day":
@@ -133,6 +140,22 @@ export default class ProviderPage {
     return this;
   }
 
+  fillMaxLifespanData(lifespan: string) {
+    cy.findByTestId(this.maxLifespan).type("x");
+    cy.findByTestId(this.maxLifespan).clear().type(lifespan).blur();
+    return this;
+  }
+
+  toggleSwitch(switchName: string) {
+    cy.findByTestId(switchName).click({ force: true });
+    return this;
+  }
+
+  verifyToggle(switchName: string, value: "on" | "off") {
+    cy.findByTestId(switchName).should("have.value", value);
+    return this;
+  }
+
   fillLdapRequiredGeneralData(name: string, vendor: string) {
     if (name) {
       cy.get(`[${this.ldapNameInput}]`).clear().type(name);
diff --git a/src/user-federation/kerberos/KerberosSettingsRequired.tsx b/src/user-federation/kerberos/KerberosSettingsRequired.tsx
index e6d3805044..524c0e08f4 100644
--- a/src/user-federation/kerberos/KerberosSettingsRequired.tsx
+++ b/src/user-federation/kerberos/KerberosSettingsRequired.tsx
@@ -225,6 +225,7 @@ export const KerberosSettingsRequired = ({
             render={({ onChange, value }) => (
               <Switch
                 id={"kc-debug"}
+                data-testid="debug"
                 onChange={(value) => onChange([`${value}`])}
                 isChecked={value?.[0] === "true"}
                 label={t("common:on")}
@@ -252,6 +253,7 @@ export const KerberosSettingsRequired = ({
             render={({ onChange, value }) => (
               <Switch
                 id={"kc-allow-password-authentication"}
+                data-testid="allow-password-authentication"
                 onChange={(value) => onChange([`${value}`])}
                 isChecked={value?.[0] === "true"}
                 label={t("common:on")}
@@ -320,6 +322,7 @@ export const KerberosSettingsRequired = ({
             render={({ onChange, value }) => (
               <Switch
                 id={"kc-update-first-login"}
+                data-testid="update-first-login"
                 onChange={(value) => onChange([`${value}`])}
                 isChecked={value?.[0] === "true"}
                 label={t("common:on")}