Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User inactivity timeout settings question

Go to solution
sjordheim23
New Contributor III
New Contributor III

‎01/10/2024 08:13 AM

Hello, as some background, we have a custom SSO IdP configured for user authentication to our Saviynt environments. I'm attempting to set the user inactivity timeout settings in Saviynt and had questions on how a few of these properties / preferences work together. 

We have the "grails.plugin.springsecurity.saml.maxAuthenticationAge" property in the AuthenticationConfig.groovy file and the "Http Session Time Out In Minute(s)" global preference configured as desired, but users are still getting timed out sooner than expected in some cases.

Does the "Http Session Time Out In Minute(s)" global preference setting override the SSO provider's inactivity timeout settings?

For example, if we configure that "Http Session Time Out In Minute(s)" preference to an hour, but the SSO provider's default inactivity timeout setting is configured for 10 minutes, does the SSO win and time a user out from Saviynt after 10 minutes of inactivity?

0 Kudos
3 REPLIES 3

Go to solution
rushikeshvartak
All-Star
All-Star

‎01/10/2024 06:50 PM

idp & authentication groovy config is for SSO whereas after Saviynt has been logged in either via SSO / Basic authentication then 30 minutes is http session timeout for saviynt 

grails.plugin.springsecurity.saml.maxAuthenticationAge

Specify the maximum duration (in seconds) users can log in with SSO after initial authentication through the IdP.

Note: The maxAuthenticationAge value must be lesser than or equal to the session logout value defined in the IdP.

Example: 86000

https://saviynt.freshdesk.com/support/solutions/articles/43000661162-saml-metadata-files 

https://docs.saviyntcloud.com/bundle/Internal-Resources/page/Content/Handbooks/Handbook-for-v2021-0-... 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
sjordheim23
New Contributor III
New Contributor III
In response to rushikeshvartak

‎01/11/2024 08:55 AM - edited ‎01/11/2024 08:56 AM

Thanks! To make sure I'm understanding it right, the property that controls session inactivity time outs once a user is logged into Saviynt would be that "Http Session Time Out In Minute(s)", correct?

(With the maxauthenticationage property controlling how long their session can last regardless.)

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to sjordheim23

‎01/11/2024 12:30 PM

Yes


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC