Single User Not Hitting Timeout


rhunter

I am hoping someone can lead me in the right direction or maybe provide some knowledgeable ideas. I have one user, who happens to be the CTO, that does not get a timeout from their browser login. He is using Chrome and also has the browser extension installed, and reports that he uses it quite a bit. Our timeout is set to 240 minutes and to my knowledge everyone else is getting logged out due to inactivity. I understand why he doesn't get disconnected during the day if he is using this consistently, but he isn't even getting logged out over weeknights or weekends.

 

Things I have checked/verified

  • His user is set to use System Wide Authentication Settings
  • I have 'All Users and Security Groups' set to prevent users from saving logins
  • Inactivity Time Out under System Settings > Miscellaneous is set to 240


Due to audit findings/recommendations, this is important especially to our CTO. Any ideas are welcome.

Hi rhunter,

 

This feature relies on no updates within the browser, in any of the open tabs, to work. So if a page is open which might have some sort of auto-refresh happening, this would explain the cause.

Can you confirm with your CTO that he/she has their browser open for 4 hours, but does not use it in any way, and no web sites are refreshing the contents of the page?

Also, possibly look to see if there are any other browser extensions installed which might be keeping sessions active somehow on different sites.

Regards

Click Studios

Thanks for the reply! The reason that I don't believe it should be related to a browser extension or another tab is because he works from a laptop and shuts down nightly. Even after his laptop is powered off all night, and he comes in the next morning, his browser restores tabs and he is not asked to sign back into Passwordstate. I believe the issue is that he is not getting our MFA policy but instead logging in using AD Passthrough.

 

Some details that may be helpful - We used to use AD Passthrough, but in the last few weeks have moved to Manual AD with Google Authenticator. His user is set to use System Wide Authentication Settings and our system settings are set for Manual AD with Google Authenticator. I'm not sure if there is a reason that even though his user is set to use system wide settings that he is still inheriting AD Passthrough? 

 

I apologize, I should have initially provided those details.

Hi rhunter,

 

This timer is client based (JavaScript), so if he closes his browser, or shuts down his laptop, then this would explain it - when he next opens his browser, the timer will start from the beginning again.

 

The MFA login for Passwordstate should happen every time he needs to authenticate to Passwordstate. What timeout do you have set for Passwordstate? This is set on the Administration -> System Settings -> Miscellaneous screen. Maybe log a support call via our support page, so that we can request some data to see what authentication options are set everywhere. Also, this MFA has nothing to do with the browser extension timeout.

Regards

Click Studios
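
The behaviour described in the reply above, modelled as an added example (not Passwordstate code and not part of the original posts): an inactivity timer held only in page memory restarts on every page load, while a last-activity timestamp stored with the session on the server keeps counting while the browser is closed. The class names, the session id and the minute-based clock are assumptions made for the illustration.

```javascript
// Added illustration; all names here are hypothetical.
const TIMEOUT_MIN = 240; // inactivity limit mentioned in the thread

// Client-only timer: idle time lives in page memory, so every page load
// (browser restart, restored tab) starts counting from zero again.
class ClientIdleTimer {
  constructor(nowMin) { this.lastActivity = nowMin; }
  activity(nowMin) { this.lastActivity = nowMin; }
  expired(nowMin) { return nowMin - this.lastActivity >= TIMEOUT_MIN; }
}

// Server-side check: last activity is stored with the session record, so
// time spent with the browser closed still counts as idle time.
class ServerSessionStore {
  constructor() { this.sessions = new Map(); }
  create(id, nowMin) { this.sessions.set(id, { lastActivity: nowMin }); }
  // true: request may proceed; false: session is gone, re-authenticate.
  touch(id, nowMin) {
    const s = this.sessions.get(id);
    if (!s || nowMin - s.lastActivity >= TIMEOUT_MIN) {
      this.sessions.delete(id);
      return false;
    }
    s.lastActivity = nowMin;
    return true;
  }
}

// Constructed scenario: sign in at 17:00 (t = 0), laptop off overnight,
// browser restores its tabs at 08:00 the next day (t = 900 minutes).
function overnightScenario() {
  const signIn = 0, nextMorning = 900;
  const server = new ServerSessionStore();
  server.create("sess-1", signIn);

  // Page memory was lost at shutdown; the restored tab builds a new timer.
  const restoredTab = new ClientIdleTimer(nextMorning);
  return {
    clientTimerExpired: restoredTab.expired(nextMorning),
    serverAllowsRequest: server.touch("sess-1", nextMorning),
  };
}
```

In the constructed scenario the restored tab's timer reports no expiry, while the server-side check rejects the first request of the morning.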

Archived

This topic is now archived and is closed to further replies.
