rhunter Posted August 20, 2020 Share Posted August 20, 2020 I am hoping someone can lead me in the right direction or maybe provide some knowledgeable ideas. I have one user, who happens to be the CTO, that does not get a timeout from their browser login. He is using Chrome and also has the browser extension installed, and reports that he uses it quite a bit. Our timeout is set to 240 minutes and to my knowledge everyone else is getting logged out due to inactivity. I understand why he doesn't get disconnected during the day if he is using this consistently, but he isn't even getting logged out over weeknights or weekends. Things I have checked/verified His user is set to use System Wide Authentication Settings I have 'All Users and Security Groups' set to prevent users from saving logins Inactivity Time Out under System Settings > Miscellaneous is set to 240 Due to audit findings/recommendations, this is important especially to our CTO. Any ideas are welcome. Link to comment Share on other sites More sharing options...
support Posted August 20, 2020 Share Posted August 20, 2020 Hi rhunter, This feature relies on no updates within the browser, in any of the open tabs, to work. So if a page is open which might have some sort of auto-refresh happening, this would keep the explain the cause. Can you confirm with your CTO that he/she has their browser open for 4 hours, but does not use it in any way, and no web sites are refreshing to contents of the page? Also, possibly look to see if there are any other browser extensions installed which might be keeping sessions active somehow on different sites. Regards Click Studios Link to comment Share on other sites More sharing options...
rhunter Posted August 21, 2020 Author Share Posted August 21, 2020 Thanks for the reply! The reason that I don't believe it should be related to a browser extension or another tab is because he works from a laptop and shuts down nightly. Even after his laptop is powered off all night, and he comes in the next morning, his browser restores tabs and he is not asked to sign back into PasswordState. I believe the issue is that he is not getting our MFA policy but instead logging in using AD Passthrough. Some details that may be helpful - We used to use AD Passthrough, but in the last few weeks have moved to Manual AD with Google Authenticator. His user is set to use System Wide Authentication Settings and our system settings are set for Manual AD with Google Authenticator. I'm not sure if there is a reason that even though his user is set to use system wide settings that he is still inheriting AD Passthrough? I apologize, I should have initially provided those details. Link to comment Share on other sites More sharing options...
rhunter Posted August 21, 2020 Author Share Posted August 21, 2020 Another detail I forgot to add - If he manually logs out of PasswordState and logs back in, he is prompted for MFA using Google Authenticator. That is the only time he is prompted, however. Link to comment Share on other sites More sharing options...
support Posted August 21, 2020 Share Posted August 21, 2020 Hi rhunter, This timer is client based (javascript), so if he closes is browser, or shuts down his laptop, then this would explain it - when he next opens his browser, the timer will start from the beginning again. The MFA login for Passwordstate should happen every time he needs to authenticate to Passwordstate. What timeout do you have set for Passwordstate - this is set on the screen Administration -> System Settings -> Miscellaneous screen. Maybe log a support call via our support page, so that we can request some data to see what authentication options are set everywhere. Also, this MFA has nothing to do with the browser extension timeout. Regards Click Studios Link to comment Share on other sites More sharing options...
rhunter Posted August 24, 2020 Author Share Posted August 24, 2020 Thanks for your assistance. This definitely gives us what we needed to know to move forward. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now