Session and account inactivity settings
FollowThe Inactivity behaviour section, within Company preferences (tab Security), lets you configure two distinct access protection mechanisms: account expiry and automatic session timeout.
Accessing the section
Go to Account > Company preferences, tab Security. The settings are in the Inactivity behaviour panel.
Unused account deactivation (days)
This field defines the number of days after which an account is considered expired, calculated from the Expiry date set on each user's profile.
If left empty, the feature is disabled and account expiry is not enforced by the platform.
Allowed values: 30 to 1460 days (4 years).
Effect on the user profile
When this setting is configured, two additional fields appear on each user's edit form (Security > Users):- Account never expires: when enabled, the account is not subject to expiry, regardless of the date set
- Expiry date: the date after which the account can no longer access the platform. Required when Account never expires is unchecked
When a new user is created, the Expiry date is automatically pre-set to today's date plus the number of days configured.
If Unused account deactivation is not configured, the Account never expires and Expiry date fields are not shown on the user profile.
- What happens when an account expires
At login, if the Expiry date has passed and Account never expires is unchecked, access is blocked and the user sees an error message prompting them to contact support.
The account is not disabled automatically in advance: the block only occurs at the moment of the login attempt. To re-enable a user, open their profile and set a future Expiry date, or enable Account never expires.
- Users created automatically via Single Sign-On
If automatic SSO user provisioning is enabled, accounts are created automatically on the first login via the corporate identity provider (for example Active Directory or a SAML Identity Provider). In this case the Expiry date is not set automatically and the account is not subject to expiry, even if Unused account deactivation is active.
If you want SSO-provisioned accounts to be subject to expiry as well, you need to open each user's profile and set the Expiry date manually.
Inactive session timeout (minutes)
This field defines how many minutes of inactivity elapse before a user's session is automatically closed by the platform.
If left empty, the system-level default value is applied (shown as placeholder text in the field).
Allowed values: 60 minutes (1 hour) to 2880 minutes (48 hours).
- What happens when a session expires
After the configured number of minutes without any interaction with the platform, the session is closed and the user is redirected to the login page with a message indicating the session has expired.
The account is not locked: the user can log in again immediately.
Comments
0 comments
Please sign in to leave a comment.