Register
Ask the Community

Enforce session timeout when user is active for long period (e.g. 12 hours)

0 Kudos

Enforce session timeout when user is active for long period (e.g. 12 hours)

Status: Needs Community Support Submitted by michiel.jeuken on ‎10-17-2019 07:10 AM
2 Comments (2 New)

To enforce a re-authentication for a user per tenant.

This is a company security requirement for systems working with Most Confidential data.

The requirements are session re-authentication in 12 hours or 15 minutes inactivity

The max period a user can stay active should be configurable or potential be specified as an assertion or time value in the SAML token (SSO) for Anaplan to act upon.

Currently Anaplan user can stay in the system for days as long as user stays active (e.g. using a robot)

2 Comments
Miran
Community Manager
Community Manager
‎10-18-2019 05:38 AM
‎10-18-2019 05:38 AM
 
Status changed to: Needs Community Support
michiel.jeuken
michiel.jeuken
New Contributor
‎11-19-2019 12:27 AM
‎11-19-2019 12:27 AM

According to Rob Marshall (Anaplan):

two types of timeouts where the user will need to reauthenticate:

  • After 30 minutes of inactivity
  • We also have a “wellness timeout” which is at 12 hours.  Meaning, if a user is logged in and has been doing work consistently, they will be required to reauthenticate at the 12 hour mark.  We call it a “wellness” timeout, but it could also be referred to as a “get a life” timeout

This is not (yet) documented, assuming this is indeed the case -> wellness timeout is meeting our company MC control

Users Online
Currently online: 270 members 818 guests
Recent signins:
Please welcome our newest community members:
View All