Change the identity provider session settings for an end user

How to change the identity provider (IdP) session settings for an existing IdP.

You can revise the session settings for an IdP if you get error messages stating that an IdP object cannot be updated. For example:

'cookie expiry: Maximum session expiry timeout range (in minutes) is 15 to 43200.'

'Force login timeout:Idle timeout range (in minutes) is 60 to 525600.'

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, select Identity > Identity Providers.
  3. Locate the IdP card you want to change the customization for.
  4. Click Settings > GENERAL.
  5. Scroll to the Session settings section.
  6. In the Session idle expiry field, enter the number of minutes after which an idle session should automatically get timed out.
    The default is 120 minutes. The maximum limit is 1440 minutes. If you exceed that number to be more than 43200 minutes, you receive an error message and will not be able to save the configuration changes.
  7. Select Limit session life to specify the maximum lifetime for an active session.
  8. In the Max session duration field, enter the number of days after which all authenticated users will be forced to re-authenticate.
    The default is 7200 minutes (5 days). The minimum limit is 60 minutes and the maximum limit is 525600 minutes (365 days). If your duration is not within that limit you receive an error message and will not be able to save the configuration changes.
  9. To save your changes, click Save and exit or Save and go to Directories.

Next steps

For the changes to go into effect, Deploy the identity provider.