To reduce security risks during use:
Periodically change the passwords for the default Identity Manager administrator accounts (Administrator and Configurator).
Log out of Identity Manager when not actively using the system.
Set or know the default timeout period for an Identity Manager session. Session timeout values may differ, as they can be set independently for each login application.
If your application server is Servlet 2.2-compliant, the Identity Manager installation process sets the HTTP session timeout to a default value of 30 minutes. You can change this value by editing the property; however, you should set the value lower to increase security. Do not set the value higher than 30 minutes.