21 Security Configuration
Security Settings Overview
The Security configuration module enables Administrators to configure security settings related to password formats, single sign-on (SSO), and session timeout.
The following sections are available in the new Security module:
- Password Settings
- Session Timeout Security Settings
- SSO/SAML Settings (OIF)
- Security Settings
User Session Timeout
There are two configuration settings, Session Maximum Inactive Interval (Seconds) and Session Timeout Reminder Interval (Seconds), that allow Administrators to expire a user’s login session after a particular time period of browser inactivity.
When a user abandons their session without terminating it, the session is terminated automatically unless the user takes action. A warning modal advises the user that their session will be terminated within a particular time period unless they extend it by clicking OK on the modal. Clicking OK dismisses the modal and resets the timers. If no action is taken, the session terminates within the time configured by the Administrator.
The feature is enabled at upgrade and cannot be disabled; a positive integer must be entered in both configurations. The delivered default value for the Session Maximum Inactive Interval is 1800 seconds. The delivered default value for the Session Timeout Reminder Interval is 1500 seconds.
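The timer behaviour described above, modelled as an added JavaScript example (not the product's code). It assumes both intervals are measured from the user's last activity and that the reminder must be shorter than the maximum; `validateConfig`, `SessionTimer` and the field names are hypothetical.

```javascript
// Added illustration, not the product's code.
// Assumption: both intervals count seconds since the user's last activity.
const DEFAULTS = { maxInactive: 1800, reminder: 1500 }; // delivered defaults

// Returns a list of problems; an empty list means the pair is usable.
function validateConfig({ maxInactive, reminder }) {
  const errors = [];
  for (const [name, value] of [["maxInactive", maxInactive], ["reminder", reminder]]) {
    if (!Number.isInteger(value) || value <= 0) {
      errors.push(`${name} must be a positive integer`);
    }
  }
  // Assumption: a reminder at or after the maximum would never be shown.
  if (errors.length === 0 && reminder >= maxInactive) {
    errors.push("reminder must be smaller than maxInactive");
  }
  return errors;
}

class SessionTimer {
  constructor(config, now = 0) {
    const errors = validateConfig(config);
    if (errors.length > 0) throw new Error(errors.join("; "));
    this.config = config;
    this.lastActivity = now;
    this.terminated = false;
  }

  // State at time `now` (seconds): "active", "warning" (modal shown) or "terminated".
  stateAt(now) {
    if (this.terminated) return "terminated";
    const idle = now - this.lastActivity;
    if (idle >= this.config.maxInactive) {
      this.terminated = true; // expiry is final; a late OK cannot revive it
      return "terminated";
    }
    return idle >= this.config.reminder ? "warning" : "active";
  }

  // User clicks OK on the modal: dismiss it and reset both timers.
  extend(now) {
    if (this.stateAt(now) === "terminated") return false;
    this.lastActivity = now;
    return true;
  }
}
```

Under these assumptions, the delivered defaults leave a 300-second window between the warning modal and termination.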
Identity Provider Logout for SSO Users
When enabled, the SSO Global Logout setting terminates an employee’s session on the Identity Provider (IdP) when their Sourcing session is terminated either manually or through abandonment. This feature is disabled at upgrade.
Exit URL for SSO Users
The SSO Exit URL setting allows Administrators to enter a configurable Exit URL.
Employees who are authenticated through SSO can now be directed to a specific destination page via the Exit URL when they terminate their session. Using this configurable Exit URL also ensures that employees only use the site in the authenticated state.
The default value at upgrade is blank; no value is entered in the SSO Exit URL setting. In this state, SSO users are directed to the site’s home page when terminating a session.