Session Timeout Control

Session Timeout is an important security feature. It isn’t good practice to leave workstations indefinitely logged into online services, or even simply to leave computers unmanned for periods of time. Session Timeout exists to make sure sessions close when they are no longer in use. The Session Timeout function adds significant benefit to the SAML/WS-Federation protocols. IT Administrators often don’t have the control they would ideally want to set the session timeout to intervals that best suit their users’ or organisation’s requirements. Our Session Timeout Control feature gives IT Administrators this control back. We provide two main types of timeout:

  1. Idle timeout, where the user is away from the system leading to inactivity, e.g. if the page hasn’t received an user activity, or the mouse hasn’t triggered any on-mouse events. This timeout countdown will reset whenever the user interacts with the web page. Ensuring idle users are logged out quickly significantly reduces system exposure to data breech.
  2. Force-response timeout, triggered after a certain period of time. This ignores the user activity and automatically prompts the user to remain logged in. If the users don’t react to the prompt and acknowledge they wish to remain logged in, IAM Cloud will automatically sign them out.

Organisations can choose to use either method, or both, and can set the time durations for each independently. So idle timeout could be set to 60 seconds, whereas force-response timeout could be set to 45 minutes. When a timeout event begins, there are two types of alert:

1) Status bar notification.
An subtly elegant notification bar appears across the top of their work window letting them know they need to act to prevent being logged out.

StatusBarSessionTO

2) Popup alert.
Significantly more overt than the status bar notification. It pops up a modal window in the centre of the user’s screen with a countdown timer until the session expires.

popup alert

Organisations can use either alert, or both. An organisation could set the status bar notification running 120 seconds before logout occurs, and then have it change to the popup alert with 15 seconds to go.

How does this work with SharePoint and SharePoint Online?

Microsoft SharePoint is a leading collaborative file management system, used by large number of mid-large organisations around the world. By default, SharePoint has a 10-hour session timeout. For a number of organisations this does not meet their security requirements.

SharePoint-logo380With on-premises SharePoint implementations it is possible to change this through scripting, but with SharePoint Online it is not. Not until now, anyway. IAM Cloud provide organisations with total control over session timeout for SharePoint and SharePoint Online, among many other applications.

IAM Cloud gives IT administrators control to ensure their IT best meets the needs of their organisations. With the added security and control provided by IAM Cloud, organisations can condidently adopt the productivity and scalability benefits of the cloud, all while greatly enhancing data security.

How Session Timeout Control actually works

With Session Timeout Control there is no client install, or even an add-on to SharePoint. It is achieved entirely through IAM Cloud’s control of the SAML authentication process. This means it can be deployed and configured very simply, quickly and securely. Plus, because it doesn’t rely on a client install, it means that it works on any device.