Single sign-on session timeout
A STA single sign-On (SSO) session exists only in the context of a browser instance and starts when a user successfully accesses an application using STA. If a user concurrently accesses applications from different browser sessions, then the user will have a distinct SSO session for each of those browser sessions.
The application session is not controlled by the SSO session timeout.
You can define the maximum time between two successive application access attempts before STA ends the session.
User view
Depending on the policy settings and whether the SSO session already exists, user access requests are processed as shown in the following figure.
STA is invoked when the user logs out from an application that is part of their SSO session. In the case of SAML, this happens only if the standard SAML logout protocol is used.
STA does not monitor the SSO session nor react to changes to the context; for example, a change of IP address for the user during the SSO session.
SSO session termination
A STA SSO session ends when any of the following occur:
-
The user closes their browser session.
Exception: If the browser is set to auto-restore, the session continues when the browser re-opens.
-
The user logs out of an application that is part of the SSO.
Exception: If the application does not support SAML logout, the session continues.
-
The user does not initiate an access attempt before the SSO Session Timeout setting is reached.
-
The maximum total duration of the SSO session (8 hours) is reached. This maximum is not configurable.
-
The session has been terminated by the session termination API.
When a STA SSO session ends, the user remains logged on to their applications. However, when they next attempt to access an application, STA initiates a new SSO session.
Configure the SSO session timeout
You can define the maximum time between two successive application access attempts before STA ends the session.
To configure the SSO session timeout period:
-
On the STA Access Management console, select the Settings tab, select Session Timeout and then select Edit.
-
Click within the field provided and select the value that meets your organization's requirements.
The values supported by STA are: 15, 30, 45, or 60 minutes; as well as 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, or 12 hours.
-
Click Save.