Session Timeout

The session timeout features requires users to re-enter either their passwords or their full credentials after a given period without user interaction.

Account administrators can set the Session timeout and Redirect user's page after timeout periods in Administration > Global Settings > Account > Security Options:

• Session timeout: This option controls the time a session may be inactive before the employee is automatically locked out and prompted to re-enter their password. Session timeout avoids OpenAir sessions from being used by others on a shared machine. Session timeouts should be set according to the data security policies your company has in place. The default and maximum period for the session timeout is 5 hours.

  Note:

  You may have different categories of OpenAir users in your company, such as power users who use OpenAir all the time, and time and expenses users who use OpenAir one time a week or less. You should select a session timeout value that does not inhibit power users. This is generally a 30 minute to 1 hour window.

• Redirect user's page after timeout: This option controls the time a session may be locked out before the user is automatically signed out and redirected. The user will be redirected either to the OpenAir sign-in page or to the alternate URL configured in Administration > Global Settings > Account > Integration: SAML Single Sign-On, if this feature is enabled on your account. This option can be set to “On timeout” or to a finite period up to a maximum of 6 hours. It should be set according to the data security policies your company has in place.