When a user successfully signs in to their digital workplace, they create an active session between their user account and workplace. With an active session, a user can browse and interact with the content of their workplace as permitted by the access rules of the workplace. A user loses this ability to interact with their workplace's access/membership restricted content when their session ends, and they are signed out of their workplace.
Sessions are handled independently between different web browsers and applications (e.g., Mobile App, File Manager, and the Windows Desktop tool). What happens to a session in one application does not affect sessions in any other application.
A user's session stays active as long as they are active in their workplace. However, after a period of inactivity, a user's session is terminated, and they will be signed out of their workplace. How long this period of inactivity must be before a user is signed out is configurable with the Configurable Session Timeout setting found on the Sign In Settings page (Control Panel > Sign In Settings).
Before a user's session is terminated due to inactivity, a popup prompts users to extend their session. If the user extends their session, the inactivity period is reset; otherwise, their session will be terminated, and they will be signed out of their workplace.
This inactivity interval also applies to sessions created in the:
- File Manager
- Windows Desktop Tool
While the Web View tab of the Mobile App also uses this inactivity period, the Mobile App does not. This results in the Mobile App automatically creating a new session for the Web View when the previous one expires due to inactivity.
Closing the browser
Sessions can also be configured to terminate when user's close their browser. Browser Session Termination can be enabled/disabled on the Sign in Settings page (Control Panel > Sign In Settings).
Browser Session Termination also applies to sessions in the:
- File Manager: Closing the app signs the user out.
Finally, a user can end their session directly by signing out of their workplace:
- In the browser: User Menu > Sign out
- In the File Manager: Main Menu > Log out of this workplace
- In the Windows Desktop Tool: Right-click anywhere inside the explorer window while browsing the workplace > Sign Out
- In the Mobile App: Settings Panel > Logout
If a digital workplace is configured to allow users to click Remember Me before they sign in, users who click this option will have their session last 30 days and won't be signed out due to inactivity. Remember Me can be enabled/disabled on the Sign in Settings page (Control Panel > Sign In Settings).
- Remember Me is only useable by:
- Users who sign in to their workplace using Igloo Authentication
- Users who sign in to their workplace using LDAP Authentication
- Remember Me can only be selected when signing into your workplace using:
- A web browser
- The File Manager
- The Windows Desktop Tool
The Remember Me option found when signing into the Mobile App functions differently than this. Refer to the article Signing in to the app to learn more about the role of Remember Me in the Mobile App.
How single sign-on interacts with workplace sessions
Users who sign in to their digital workplace using single sign-on (SSO) have two sessions to consider:
- The session with their identity provider (IdP)
- The session with their digital workplace
In these situations, when a user's session is terminated with their digital workplace, a new session is created if they still have an active session with their IdP. Similarly, if a user's browser already has an active session with their IdP, they will automatically have a workplace session created when they go to their workplace.
A digital workplace's session will only impact a user's IdP session if the workplace's SAML configuration has a value configured for IdP Logout URL. This setting will cause the user's IdP session, and workplace session to be terminated when they click Sign out (User Menu > Sign out). This setting is found on the SAML Configuration page of the workplace (Control Panel > Sign In Settings > Configure SAML Authentication).