A short guide to login sessions and timeouts in your digital workplace.
When someone logs in to your Igloo, they create a login session. How long these sessions last, and whether they're customizable is probably one of the most common questions we receive in Support. It's documented in the Knowledge Base, but there are a lot of particulars to your members' sessions that are worth understanding, as well as a new feature in our next release that can affect them.
Timeouts happen when your session is idle for three hours and twenty minutes. That means no typing or navigation at all, or that timer starts over again. At the three hour mark, a countdown will appear on the page, with a button to keep your session alive. When that clock reaches zero, the session expires in all tabs in that browser.
Sign in settings
The Remember Me option on the login page doesn't affect your immediate session, but lets the platform know that when your session has expired in that browser, and you visit an area of your digital workplace, it should start a new session for you without prompting a login.
Signing out ends your session, but default browser settings will retain the session cookie for twenty minutes typically, so navigating back to your digital workplace will log you in and start a new session automatically.
Single Sign On
The Igloo platform uses SAML 2.0 for Single Sign On, letting you manage people's credentials with a separate identity provider like Microsoft Azure, or Google. This also won't affect session timeouts, though. Instead, the identity provider will maintain its own session, and log people back in based on that session timer. If your session with Igloo has expired, but you still have one with Google, the next link you click in Igloo will log you in and start a new session.
Tonight's release will add an option for Administrators that terminates the session cookie as soon as someone signs out, informing the browser that it should remove that token immediately, rather than waiting for an expiry. This can give you finer control of the nature of people's sessions, and is especially useful for compliance, as well as workplaces where people use shared machines.
For more information about what's in tonight's release in the release notes, and if you have any questions about sessions, you can ask a question in the Community area, consult the Knowledge Base, or attend our What's New in Igloo webinar on August 16.