SOLUTIONS

category image

Signing up

category image

Onboarding

category image

Overview & General Navigation

category image

Application Management

category image

User Management

category image

Departments

category image

Transactions

category image

Contract and License Management

category image

Security and Compliance

category image

Integrations

category image

Workflow and Automations

category image

Settings

category image

General Features

category image

Zluri Agents

Login-Logout Settings


Summary:


Parameter

Duration

Inactivity Timeout

6 hours

Require Login after

24 hours

Absolute Lifetime (Rotation Token)

24 hours

Inactive Lifetime (Rotation Token)

1 hour

Inactive Lifetime (Refresh Token)

6 hours (21600 seconds)

Inactive Lifetime (ID Token)

1800 seconds

Inactive Lifetime (Access Token)

7200 seconds



Login-Logout Configuration:


  1. Users will be asked to log in again unless they are active within a 6 hours period.

  2. Regardless of the activity, users must log in after 24 hours duration.


Zluri has also enabled the rotation token, which has a different configuration.


Token Configuration:


  1. The absolute lifetime of the rotation token is set as 24 hours.

  2. The inactive lifetime of the rotation token is set as 1 hour.

  3. If the rotation token is invalid - the app will try to silently authenticate again which has inactivity set to 6 hours.

  4. The inactive lifetime of the refresh token is set as 6 hours.

  5. The inactive lifetime of the ID token is set as 1800 seconds.

  6. The inactive lifetime of the access token is set as 7200 seconds


Inactivity Lifetime:


  1. The inactivity lifetime provides an additional security measure by allowing tokens to expire if they have been inactive for a specific duration.

  2. This prevents long-lived unused tokens from posing a security threat.



Absolute Lifetime:


  1. The absolute lifetime of the rotation token sets an upper limit on the total lifespan of the refresh token. 

  2. This is not dependent on the user activity.

  3. This ensures even if the token is unused; it will eventually expire.

Can’t find what you are looking for? Let us help you!

Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Login-Logout Settings

            Modified on Thu, 22 Jun, 2023 at 2:11 PM


            Summary:


            Parameter

            Duration

            Inactivity Timeout

            6 hours

            Require Login after

            24 hours

            Absolute Lifetime (Rotation Token)

            24 hours

            Inactive Lifetime (Rotation Token)

            1 hour

            Inactive Lifetime (Refresh Token)

            6 hours (21600 seconds)

            Inactive Lifetime (ID Token)

            1800 seconds

            Inactive Lifetime (Access Token)

            7200 seconds



            Login-Logout Configuration:


            1. Users will be asked to log in again unless they are active within a 6 hours period.

            2. Regardless of the activity, users must log in after 24 hours duration.


            Zluri has also enabled the rotation token, which has a different configuration.


            Token Configuration:


            1. The absolute lifetime of the rotation token is set as 24 hours.

            2. The inactive lifetime of the rotation token is set as 1 hour.

            3. If the rotation token is invalid - the app will try to silently authenticate again which has inactivity set to 6 hours.

            4. The inactive lifetime of the refresh token is set as 6 hours.

            5. The inactive lifetime of the ID token is set as 1800 seconds.

            6. The inactive lifetime of the access token is set as 7200 seconds


            Inactivity Lifetime:


            1. The inactivity lifetime provides an additional security measure by allowing tokens to expire if they have been inactive for a specific duration.

            2. This prevents long-lived unused tokens from posing a security threat.



            Absolute Lifetime:


            1. The absolute lifetime of the rotation token sets an upper limit on the total lifespan of the refresh token. 

            2. This is not dependent on the user activity.

            3. This ensures even if the token is unused; it will eventually expire.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0