NordLayer session duration control options explained

      Keeping in line with the main Zero Trust Network Access (ZTNA) framework principles, NordLayer supports a duration timer for user sessions. This ensures an automatic logout from the NordLayer application or Control Panel after a specified period, regardless of whether the user was actively using the service or not.

      Session duration control is available on:

      • NordLayer applications
      • Control Panel

      A session can last for an extended period, whereas a connection refers to each instance when a user connects to the gateway.

      Session timeout is mandatory for the entire organization. By default, sessions are set to last 30 days, which is the longest duration allowed on either platform. After 30 days, users are automatically logged out if they haven't interacted with the app.

      This applies to both the Control Panel and the application, where the shortest possible session duration is 1 day.

      Session duration can be controlled in two ways: through Idle Session Timeout or Active Session Timeout features.

      Idle Session Timeout

      Idle Session Timeout lets administrators control how long a user’s session lasts while the user is inactive. This means that if users don’t interact with the app, they will remain logged in for a set period. However, if they close the app while maintaining a connection to the gateway, they will be automatically disconnected after this specified time interval.

      This setting is particularly useful for enhancing security by ensuring that inactive sessions don't remain open indefinitely, which could be a potential security risk.

      Here’s how you can set up this timeout as an administrator:

      1. Begin by logging into the NordLayer Control Panel
      2. Look for the Settings option in the main menu on the left side
      3. Under Settings, you'll find Security Configurations. This is where you can adjust security-related features
      4. In Security Configurations, find the option to set the inactivity timeout. This is the period of inactivity after which users are prompted to log in again

      5. Specify your desired timeout duration. Consider the balance between security and convenience for your users
      6. Click Save to apply your changes.
      • Idle Session Timeout is implemented centrally. Any changes an administrator makes will affect all members of the organization uniformly.
      • The default setting for the Idle Session Timeout is 30 days, but it can be adjusted to any period between 1 and 30 days.

      Active Session Timeout

      Active Session Timeout, a newer addition to NordLayer's features, is a part of the Zero Trust Network Access (ZTNA) framework. This feature allows an IT administrator to set a fixed duration for a user session. After this duration elapses, the user is automatically logged out from the NordLayer application or Control Panel, regardless of whether they were connected to the Virtual Private Gateway or not.

      The feature improves security controls by ensuring that user sessions don't extend beyond a necessary period, reducing the window of opportunity for unauthorized access. The administrator can enable this setting in the Control Panel, setting a minimum duration of 1 day and a maximum of 30 days for both the app and the Control Panel.

      Here’s how you can enable Active Session Timeout as an administrator:

      1. Head to the Control Panel
      2. Go to Settings and click on Security Configurations
      3. Select Session Duration Controls and click Edit

      4. Enter desired session durations for the NordLayer application and/or Control Panel and click Save.

      Setting an active session timeout helps in enhancing security by ensuring that sessions don't remain open indefinitely. This is especially crucial in environments where sensitive information is accessed.
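
      How the two timers described above interact can be modeled in a few lines. This is an added illustration, not NordLayer's code or API: the names `SessionPolicy`, `session_expiry` and `is_expired` are hypothetical, the sample dates are constructed, and it assumes the session ends at whichever deadline comes first.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MIN_DAYS, MAX_DAYS = 1, 30  # limits stated in the article


def _check_days(name: str, days: int) -> int:
    if not MIN_DAYS <= days <= MAX_DAYS:
        raise ValueError(f"{name} must be between {MIN_DAYS} and {MAX_DAYS} days")
    return days


@dataclass(frozen=True)
class SessionPolicy:
    """Hypothetical model of the organization-wide settings."""
    idle_days: int = 30                # article default for Idle Session Timeout
    active_days: Optional[int] = None  # None = Active Session Timeout not enabled

    def __post_init__(self):
        _check_days("idle_days", self.idle_days)
        if self.active_days is not None:
            _check_days("active_days", self.active_days)


def session_expiry(policy, login, last_activity):
    """Return (expiry_time, reason) for the timer that fires first."""
    if last_activity < login:
        raise ValueError("last_activity cannot precede login")
    # The idle deadline moves forward every time the user interacts.
    idle_deadline = last_activity + timedelta(days=policy.idle_days)
    if policy.active_days is None:
        return idle_deadline, "idle"
    # The active deadline is fixed at login and never moves with activity.
    active_deadline = login + timedelta(days=policy.active_days)
    if active_deadline <= idle_deadline:
        return active_deadline, "active"
    return idle_deadline, "idle"


def is_expired(policy, login, last_activity, now):
    expiry, _ = session_expiry(policy, login, last_activity)
    return now >= expiry


# Constructed sample: 3-day idle timeout combined with a 7-day active timeout.
LOGIN = datetime(2024, 1, 1, 9, 0)
POLICY = SessionPolicy(idle_days=3, active_days=7)
```

      With these sample values, a user who never interacts after login is logged out by the idle timer after 3 days, while a user who stays active every day is still logged out by the active timer 7 days after login.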

      Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.
