NordLayer session duration control options explained

Keeping in line with the main Zero Trust Network Access (ZTNA) framework principles, NordLayer supports a duration timer for user sessions. This ensures an automatic logout from the NordLayer application or Control Panel after a specified period, regardless of whether the user was actively using the service or not.

Session duration control is available on:

• NordLayer applications
• Control Panel

Session timeout is mandatory for the entire organization. By default, sessions are set to last 30 days, which is the longest duration allowed on either platform. After 30 days, users are automatically logged out if they haven't interacted with the app.

This applies to both the Control Panel and the application, where the shortest possible session duration is 1 day.

Session duration can be controlled in two ways: through Idle Session Timeout or Active Session Timeout features.

Idle Session Timeout

Idle Session Timeout is a functionality designed for administrators to control the duration of a user’s session while inactive. This means that if users don’t interact with the app, they will remain logged in for a set period. However, if they close the app while maintaining a connection to the gateway, they will be automatically disconnected after this specified time interval.

This setting is particularly useful for enhancing security by ensuring that inactive sessions don't remain open indefinitely, which could be a potential security risk.

Here’s how you can set up this timeout as an administrator:

1. Begin by logging into the NordLayer Control Panel
2. Look for the Settings option in the main menu on the left side
3. Under Settings, you'll find Security Configurations. This is where you can adjust security-related features
4. In Security Configurations, find the option to set the inactivity timeout. This is the period of inactivity after which users are prompted to log in again

5. Specify your desired timeout duration. Consider the balance between security and convenience for your users
6. Click Save to apply your changes.

Active Session Timeout

Active Session Timeout, a newer addition to NordLayer's features, is a part of the Zero Trust Network Access (ZTNA) framework. This feature allows an IT administrator to set a fixed duration for a user session. After this duration elapses, the user is automatically logged out from the NordLayer application or Control Panel, regardless of whether they were connected to the Virtual Private Gateway or not.

The feature improves security controls by ensuring that user sessions don't extend beyond a necessary period, reducing the window of opportunity for unauthorized access. The administrator can enable this setting in the Control Panel, setting a minimum duration of 1 day and a maximum of 30 days for both the app and the Control Panel.

Here’s how you can enable Active Session Timeout as an administrator:

1. Head to the Control Panel
2. Go to Settings and click on Security Configurations
3. Select Session Duration Controls and click Edit

4. Enter desired session durations for the NordLayer application and/or Control Panel and click Save.

Setting an active session timeout helps in enhancing security by ensuring that sessions don't remain open indefinitely. This is especially crucial in environments where sensitive information is accessed.

Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.