Configure Hard Session Timeout through OneLogin IdP SSO

Important

This page contains information for legacy Threat Stack customers who log into Distributed Cloud AIP using app.threatstack.com. If you log into Distributed Cloud AIP using F5 Distributed Cloud Services (F5XC), see User Management for information about configuring SSO in F5XC using Google, Azure, or Okta.

F5 Distributed Cloud App Infrastructure Protection (AIP) automatically ends sessions after eight hours. This is known as a hard session timeout. Optionally, you can customize Distributed Cloud AIP sessions to always end after a different time period. You set this customization through the OneLogin Identity Provider (IdP) Single Sign On (SSO). Both Distributed Cloud AIP and OneLogin must be integrated with your application before you can configure the hard session timeout.

  1. Go to the Distributed Cloud AIP application definition.
  2. In the left navigation tab, click Parameters. The Parameters screen displays.
  3. In the SAML Test Connector (IdP) Field table, click the blue + (plus) button. The Add Field dialog displays.
  4. In the Name field, type "sessionTimeoutMinutes".
  5. Click the Save button. The Add Field dialog closes and the new parameter displays in the SAML Test Connector (IdP) Field table.
  6. In the sessionTimeoutMinutes field, click the Edit button. The Edit Field sessionTimeoutMinutes dialog displays.
  7. From the Value drop-down menu, select Macro.
  8. In the value field, type the amount of time, in minutes, after which a Distributed Cloud AIP session automatically ends. For example, if you want a session to automatically time out after 15 minutes, then type "15".
  9. Click the Save button. The Edit Field sessionTimeoutMinutes dialog closes.
  10. On the Parameters screen, click the Save button. The next time you or any of your users log out of Distributed Cloud AIP, and before you or any of your users log back in again, the new hard session timeout takes effect.

Note

To revert back to the Distributed Cloud AIP default hard session timeout of eight hours, either delete the sessionTimeoutMinutes parameter or change its value to a blank string.

Was this article helpful?
0 out of 0 found this helpful