Manual Chapter : Specifying how often a user must authenticate

Applies To:

Show Versions Show Versions


  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Specifying how often a user must authenticate

You can configure Access Policy Manager (APM) so that step-up authentication runs periodically throughout a session. For example, you might want a user to re-authenticate every eight hours for access to a given application.
  1. For step-up authentication to run periodically, verify that the
    Maximum Session Timeout
    setting in the access profile is set to a value greater than zero.
    The default value is 604800 seconds (or 1 week).
    1. On the Main tab, select
      Profiles / Policies
      Access Profiles (Per-Session Policies)
    2. Click the name of the access profile you want to verify.
    3. In the Settings area, locate the
      Maximum Session Timeout
    4. If it is set to 0, on the right of the screen select the
      check box. In the
      Maximum Session Timeout
      field, type a value greater than 0, and at the bottom of the screen, click
  2. To specify how long you want the user to retain access without needing to re-authenticate, update the
    Max Subsession Life (sec)
    1. With the per-request policy open in the visual policy editor, expand the subroutine for editing.
    2. Click
      Subroutine Settings/Rename
      A popup screen opens.
    3. In the
      Maximum Subsession Life (sec)
      field, type the number of seconds that you want users to retain access without needing to authenticate again.
      The default value is
      (or 15 minutes).
  3. Click
    The popup screen closes.