21 Security Configuration

    Security Settings Overview

    The Security configuration module enables Administrators to configure security settings related to password formats, single sign-on (SSO), and session timeout.

    The following sections are available in the new Security module:

    • Password Settings

    • Session Timeout Security Settings

    • SSO/SAML Settings (OIF)

    • Security Settings

      User Session Timeout

      There are two configuration settings, Session Maximum Inactive Interval (Seconds) and Session Timeout Reminder Interval (Seconds), that allow Administrators to expire a user’s login session after a particular time period of browser inactivity.

      When a user abandons a session without logging out, the session is terminated unless the user takes action. A warning modal advises the user that the session will be terminated within a particular time period unless they extend it by clicking OK on the modal. Clicking OK dismisses the modal and resets the timers. If no action is taken, the session terminates within the time configured by the Administrator.

      The feature is enabled at upgrade and cannot be disabled; a positive integer must be entered in both configurations. The delivered default value for the Session Maximum Inactive Interval is 1800 seconds. The delivered default value for the Session Timeout Reminder Interval is 1500 seconds.
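
The timeout behaviour described above can be modelled as a small state machine; this is an added example, not code from the product. It assumes both intervals count seconds since the last user activity and that the reminder value must be smaller than the maximum inactive interval; the names `validateSettings` and `IdleSession` are hypothetical.

```javascript
// Added example: idle-session timer with a reminder modal (not vendor code).
// Assumption: both intervals count seconds since the last user activity.
const DEFAULTS = { maxInactiveSeconds: 1800, reminderSeconds: 1500 };

function validateSettings(settings) {
  const { maxInactiveSeconds, reminderSeconds } = settings;
  for (const [name, value] of Object.entries({ maxInactiveSeconds, reminderSeconds })) {
    // The page requires a positive integer in both settings.
    if (!Number.isInteger(value) || value <= 0) {
      throw new RangeError(`${name} must be a positive integer`);
    }
  }
  // Assumed consistency check: otherwise the reminder could never display.
  if (reminderSeconds >= maxInactiveSeconds) {
    throw new RangeError("reminderSeconds must be less than maxInactiveSeconds");
  }
  return { maxInactiveSeconds, reminderSeconds };
}

class IdleSession {
  constructor(settings = DEFAULTS, now = 0) {
    this.settings = validateSettings(settings);
    this.lastActivity = now;
    this.terminated = false;
  }

  // Returns "active", "warning" (modal shown) or "terminated" at time `now`.
  stateAt(now) {
    const idle = now - this.lastActivity;
    if (this.terminated || idle >= this.settings.maxInactiveSeconds) {
      this.terminated = true; // sticky: an expired session is never revived
      return "terminated";
    }
    return idle >= this.settings.reminderSeconds ? "warning" : "active";
  }

  // User clicks OK on the modal: resets the timers unless already expired.
  extend(now) {
    if (this.stateAt(now) === "terminated") return false;
    this.lastActivity = now;
    return true;
  }
}

// Walk-through with the delivered defaults (times in seconds, constructed).
const demo = new IdleSession();
console.log([1499, 1500].map((t) => demo.stateAt(t)), demo.extend(1600), demo.stateAt(3400));
```

With the delivered defaults, this model shows the modal after 1500 idle seconds and leaves the user 300 seconds to click OK before termination.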

        Identity Provider Logout for SSO Users

        When enabled, the SSO Global Logout setting terminates an employee’s session on the Identity Provider (IdP) when their Sourcing session is terminated either manually or through abandonment. This feature is disabled at upgrade.

        Note: All concurrent sessions within the browser will be terminated for the user if Global Logout is invoked through session termination in Sourcing. This may cause friction for users with concurrent applications using the network.

          Exit URL for SSO Users

          The SSO Exit URL setting allows Administrators to enter a configurable Exit URL.

          Employees who are authenticated through SSO can now be directed to a specific destination page via the Exit URL when they terminate their session. Using this configurable Exit URL also ensures that employees only use the site in the authenticated state.

          The default value at upgrade is blank; no value is entered in the SSO Exit URL setting. In this state, SSO users are directed to the site’s home page when terminating a session.

          Note: The SSO Exit URL setting accepts a single value which is applied to all users terminating sessions from SSO.

            Security Configuration Settings

              Security Configuration