Configuring expire session login policy
Administrator can configure expire session login policy to force the user to re-authenticate a session after a certain period of inactivity.
Steps
- Navigate to Protect > Policies page.
-
On the Login Policy tile, click the Add Action drop-down and then select the Expire Session action.
A default policy gets created for the Multi-Factor Authentication Login.
You can either Save the policy or you can edit the default policy variables.
-
To specify which Groups the action applies to:
Groups can be locally defined groups, security groups and OUs pulled from active directory.Note: By default, Any is selected which means policy is applicable to all groups.
Available options are:
- Any
- Selected
- Click the Any value to open the Select Groups dialog box.
-
To limit the policy to selected groups, click Selected option.
-
To add a group, click the green plus icon and then select the group from the drop-down you wish the action to apply to.
You can add as many groups as needed for the policy.
- Select the Negate checkbox to apply policy line to every group except the group you selected.
- To save the selected group(s), click Ok.
-
To specify which Device the action applies to:
Note: By default, Any is selected which means policy is applicable to all devices including unmanaged devices.
Available options are:
- Any
- OS & User-Agent
- Device Profile
If you want to select common operating systems and/or User-Agent Strings:- Click the Any value to open the Device dialog box.
- Select OS & User-Agent option.
-
Select the applicable operating systems.
Available options are Apple iOS, Apple Mac OS X, Google Android, Google Chrome OS, Microsoft Windows Phone, Microsoft Windows PC and Other OS. -
To limit the policy to matches of selected operating systems along with any user-agent strings, click the green plus icon and then enter the string(s).
You can add as many user-agent strings as needed for the policy.
- Select the Negate checkbox to apply policy line to every device except the device you selected.
- To save the selected device(s), click Ok.
If you want to select device profile:- Click the Any value to open the Device dialog box.
-
To limit the policy to selected device profiles, click Device Profile option.
-
To add a device profile, click the green plus icon and then select the device profile from the drop-down you wish the action to apply to.
You can add as many device profiles as needed for the policy.
- Select the Negate checkbox to apply policy line to every device profile except the device profile you selected.
- To save the selected device profile(s), click Ok.
-
Apply specific actions when a user is accessing from certain Location:
Available options are:
- Any
- Selected
- Click the Any value to open the Select Locations dialog box.
-
To apply specific actions when a user is accessing from certain locations, click Selected option.
You can restrict or block users entirely from unsafe or untrusted locations and restrict or control where a user is accessing the cloud application from (either geographic location or IP).
-
To select a location, click the green plus icon and then select the location from the drop-down you wish the action to apply to.
You can add as many locations as needed for the policy.
- Select the Negate checkbox to apply policy line to every location except the location you selected.
- To save the selected location(s), click Ok.
-
Select a Trigger when a session will expire.
Available options are:
- Inactivity timeout
- Time range
To automatically expire a user's session whenever they are inactive in an application for the specified amount of time:- Click on the default trigger to open Trigger dialog box.
-
Select the Inactivity timeout option and then enter the duration in minutes (max 2 weeks) after when session should be expire.
- To save selected details, click OK.
To automatically expire a user session once they meet the time range criteria (expiring a session once they are outside of the work hour range):- Click on the default trigger to open Trigger dialog box.
-
Select the Time range option to view approved range.
- Select the Start time.
- Select the End time.
-
Select the applicable Day(s).
Available options are Sun, Mon, Tue, Wed, Thu, Fri and Sat.
- To save selected details, click OK.
-
Click the default action to open Action dialog box.
- To notify about the expire session to user, select the appropriate User Email.
- To notify about the expire session to group, select the appropriate Group Email.
-
To generate a Forcepoint alert, select the Generate Alert checkbox.
Admin can view Forcepoint alerts from Analyze > Alerts page.
- To save selected details, click OK.
- To save the updated policy, click Save.