Set Up Session Security

The session security settings allow you to add additional security settings regarding a session (the time a user is logged in to an account).

About this task

To setup session security:

Procedure

  1. Go to Settings > Platform Settings > Security Settings.

    The session security section is located near the bottom of the page.

    Session Security Settings
  2. Go to the Session Security section. From here you can adjust the session security parameters. You can adjust the following settings:
    • Inactive Session Timeout: The Inactive Session Timeout pull-down menu allows you to control how long an inactive session will last before the user is automatically logged off. Shorter inactive sessions are more secure, especially in shared/busy office environments. You can choose the following options:
      • 1 hour
      • 2 hours (Default)
      • 4 hours
      • 6 hours
      • 8 hours
    • Lock sessions to the IP address from which they originate: Checking this box can strengthen session security by making it much harder for "session hijacking" to take place.
      Warning: This setting can POTENTIALLY cause issues if you have a firewall or other network device that automatically changes the originating IP address for each HTTP connection for a user. This is an unusual situation, but a real one. If this box is checked, users will have to start a new session if they enter the application from a different IP address, even if they were already logged in with that session previously. Leaving the box unchecked does not enforce this restriction and mimics current behavior.