Managing Session Settings

Define session expiration; set the sign-in, sign-out, and error URLs; and turn on Cross-Origin Resource Sharing (CORS) so that client applications running on one domain can obtain data from another domain.

Required Policy or Role

To change session settings, you must have one of the following access grants:
  • Be a member of the Administrators group
  • Be granted the Identity Domain Administrator role or the Security Administrator role
  • Be a member of a group granted manage domains

To understand more about policies and roles, see The Administrators Group, Policy, and Administrator Roles, Understanding Administrator Roles, and Understanding Policies.

Using the Console

Changing Session Settings

  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Settings and then Session settings.
  3. In the Session duration (in minutes) field, enter the duration in minutes for which the user's session is valid. The session times out once the session duration has been reached, regardless of user activity or inactivity.
  4. In the My Apps idle timeout (in minutes) field, enter the duration after which a user is automatically signed out of the My Apps console of this identity domain because of inactivity.
  5. In the Sign-in URL field, enter the URL to which you want the user redirected to sign in.
  6. To allow sign-in customization for the Admin Console, select Allow custom sign-in page.
  7. To show only the username field on the Sign In page, check Enable username first flow.
  8. Enter a Sign-out URL. For example, to redirect the user to the My profile console, enter /ui/v1/myconsole.
  9. In the Error URL field, enter the tenant-specific error page URL to which a user is redirected after an error. This URL is used when the Application-specific Custom Error URL is not specified for an Application.
  10. In the Social linking callback URL field, enter the URL to redirect to after linking a user between social providers and IAM is complete. This URL is used when the Application-specific Social linking callback URL is not specified for an Application.
  11. (Optional) Turn on Allow cross-origin resource sharing (CORS). CORS allows client applications from one domain to obtain data from another domain. If you turn on this option, you might also want to set the Allowed CORS domain names option.
  12. Leave the Show the specific error message for login policy violation option on.
    This option is turned on by default and allows the system to display the specific policy-violation error message if the login policy is violated. If the option is turned off, the system displays the standard error message.
  13. Click Save changes.
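
After turning on CORS in step 11 and setting Allowed CORS domain names, it is worth confirming that only the listed origins are granted access. The following is an added example, not Oracle code: it audits response headers that you collected by sending requests with different Origin headers. The allowlist, hostnames, and header samples are constructed for illustration and do not represent observed identity domain behavior.

```python
# Added example (not Oracle code). Allowlist, hostnames and headers are constructed.
ALLOWED = {"https://app.example.com", "https://portal.example.com"}  # assumed allowlist


def audit_cors(allowed, observations):
    """Check (origin_sent, response_headers) pairs against the allowlist.

    Returns (origin, finding) tuples; an empty list means every response
    matched what the allowlist permits.
    """
    findings = []
    for origin, headers in observations:
        h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
        acao = h.get("access-control-allow-origin")
        creds = h.get("access-control-allow-credentials", "").lower() == "true"
        if acao == "*":
            findings.append((origin, "wildcard: any origin may read responses"))
        elif acao == origin and origin not in allowed:
            suffix = " with credentials" if creds else ""
            findings.append((origin, "unlisted origin reflected" + suffix))
        elif acao != origin and origin in allowed:
            findings.append((origin, "listed origin not granted access"))
    return findings


# Constructed sample: responses consistent with the allowlist.
EXPECTED = [
    ("https://app.example.com", {"Access-Control-Allow-Origin": "https://app.example.com",
                                 "Access-Control-Allow-Credentials": "true"}),
    ("https://portal.example.com", {"Access-Control-Allow-Origin": "https://portal.example.com"}),
    ("https://unlisted.example.net", {}),
]

# Constructed sample: responses that contradict the allowlist.
MISCONFIGURED = [
    ("https://unlisted.example.net", {"access-control-allow-origin": "https://unlisted.example.net",
                                      "access-control-allow-credentials": "true"}),
    ("https://other.example.org", {"Access-Control-Allow-Origin": "*"}),
    ("https://portal.example.com", {}),
]

if __name__ == "__main__":
    for name, sample in (("EXPECTED", EXPECTED), ("MISCONFIGURED", MISCONFIGURED)):
        print(name, audit_cors(ALLOWED, sample) or "no findings")
```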