Session Behavior
Overview
The Secure Work console controls access to its resources through usage of a session. A session is tied to a user and is created after the user authenticates and logs into the Secure Work console. The session ends when it expires after a set time or the user logs out.
In addition, when a session inactivity timeout is set, the user is logged out after a set period of inactivity. Any activity in the console (such as navigating to another page or using pagination) will reset the inactivity timer, as long as the console is open in at least one browser window. If all console tabs/windows are closed, the timer is not refreshed until the console is reopened.
When a user is logged out of the Secure Work console due to session expiration or inactivity timeout, they must re-authenticate to regain access to the application.
Current Timeout Settings
| Setting | Time | Description |
|---|---|---|
| Session duration | 1 hour | Amount of time before a session expires. This expiration occurs regardless of whether the console is open in a window. |
| Session inactivity timeout | 15 minutes | Amount of time a user can remain inactive in an open console window before being logged out. |
Why We Default to 15 Minutes of Inactivity
The 15-minute inactivity timeout aligns with common security best practices for administrative consoles, helping to prevent unauthorized access if a user leaves their session unattended. This balance aims to protect security without overly disrupting typical workflows.
Can the Time Be Changed?
- Currently: The inactivity timeout for a specific tenant can be changed by Beyond Identity Support through an internal feature flag. Customers cannot change this setting directly in the Secure Work console.
- Self-Service: A self-service option to configure timeouts within the console is not yet available.
- Note: Disabling the inactivity timeout altogether is not supported at this time.