Manual Chapter : Specifying how often a user must authenticate
Applies To:Show Versions
- 16.0.1, 16.0.0
Specifying how often a user must authenticate
You can configure Access Policy Manager (APM) so that step-up authentication runs periodically throughout a session. For example, you might want a user to re-authenticate every eight hours for access to a given application.
- For step-up authentication to run periodically, verify that theMaximum Session Timeoutsetting in the access profile is set to a value greater than zero.The default value is 604800 seconds (or 1 week).
- On the Main tab, select.
- Click the name of the access profile you want to verify.
- In the Settings area, locate theMaximum Session Timeoutsetting.
- If it is set to 0, on the right of the screen select theCustomcheck box. In theMaximum Session Timeoutfield, type a value greater than 0, and at the bottom of the screen, clickUpdate.
- To specify how long you want the user to retain access without needing to re-authenticate, update theMax Subsession Life (sec)setting:
- With the per-request policy open in the visual policy editor, expand the subroutine for editing.
- ClickSubroutine Settings/Rename.A popup screen opens.
- In theMaximum Subsession Life (sec)field, type the number of seconds that you want users to retain access without needing to authenticate again.The default value is900(or 15 minutes).
- ClickSave.The popup screen closes.