As part of our ongoing efforts to improve the security of the Umbrella dashboard, we will be introducing new idle and absolute timeouts for all Umbrella dashboard sessions. This change means that users will now be logged out of the Umbrella dashboard after a period of inactivity, or if a session lasts longer than our absolute timeout.
Effective Wednesday, March 14th 2018, the Umbrella dashboard will enforce the following default session timeout values:
Idle Timeout: 20 minutes
Absolute Timeout: 16 hours
This work will bring us into closer alignment with the OWASP Recommendations, which can be found on their website, and contain full explanations for all timeout values.
Please note that this change does not affect the ability for users using two-step verification to use the “Remember Device for 30 Days” option, which will continue to work as expected. Additionally, customers using our APIs and authenticating using an API key will not be affected by this change.
While we do consider these timeouts as security measures, if you would prefer to modify the value of the timeouts, you can contact our Support team at <email@example.com> to request that they be modified for your organization. Note that if a user belongs to more than one Umbrella organization, then the shortest timeout amongst the organizations will be used.