Change the identity provider session settings for an end user

How to change the identity provider (IdP) session settings for an existing IdP.

You can revise the session settings for an IdP if you get error messages stating that an IdP object cannot be updated. For example:

Action failed - Unable to update object. Additional information: Field 'cookie_expiry' failed validation for the following error(s): 'cookie expiry: Maximum session expiry timeout range (in minutes) is 15 to 43200.'

Action failed - Unable to update object. Additional information: Field 'settings' failed validation for the following error(s): 'Force login timeout:Idle timeout range (in days) is 1 to 365.'

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal.
  2. From the top menu bar, select Identity > Identity Providers.
  3. Locate the card for the IdP whose settings you want to change.
  4. Click Settings > GENERAL.
  5. Scroll to the Session settings section.
  6. In the Session idle expiry field, enter the number of minutes after which an idle session is automatically timed out.
    The default is 120 minutes. The recommended maximum limit is 1440 minutes. If you enter a value greater than 43200 minutes, you receive an error message and cannot save the configuration changes.
  7. Select Limit session life to specify the maximum lifetime for an active session.
  8. In the Max session duration field, enter the number of days after which all authenticated users will be forced to re-authenticate.
    The default is 5 days. The recommended maximum limit is 30 days. If you enter a value greater than 365 days, you receive an error message and cannot save the configuration changes.
  9. To save your changes, click Save and exit or Save and go to Directories.

Next steps

For the changes to take effect, deploy the identity provider.