The session settings enable you to adjust the timeout for a Horizzon session, the time after which an inactive user is considered idle, and the time a user can be idle before being signed out by Horizzon.

The Horizzon session is used for authentication with a browser. When a user goes to the Horizzon portal, the user authenticates with Horizzon. Horizzon will get an access token to access the APIs of the Bizzdesign servers. When the access token expires, Horizzon will refresh the access token in the background using the session cookie. For increased security, you can activate IP address session validation.

Configuring the session settings should only be done by application administrators who are familiar with installing and configuring software and databases.


Required roles

System Administrator

Steps:

  1. In the sidebar menu, click Settings > General.

  2. On the general settings page, in Session, specify the session settings that you want to adjust.

    Horizzon session settings

    Session timeout: This is the maximum allowed time of a Horizzon session, in seconds. After the session timeout a user must authenticate again. The default session timeout value is 43200 seconds (12 hours). Change the value if you want to use a different session timeout. The value must be at least 60 seconds, and there is no maximum.

    Set the value higher than the Horizzon access token lifetime, which is 300 seconds (5 minutes) by default. If the value is not higher, Horizzon will not be able to refresh an expired access token, and the users will have to sign in again.

    Idle after: This is the amount of time in a Horizzon session after which a user is considered idle. When the user has been inactive for this period during a Horizzon session but leaves the browser window with Horizzon open, a message will appear asking the user whether he or she wants to continue or sign out. If the user does not respond to the message within the specified timeout (Idle timeout), he or she will automatically be signed out. By default, a user is considered idle after 3600 seconds (1 hour). The value must be at least 60 seconds, and there is no maximum.

    Idle timeout: This is the amount of time a user has to react to the message before he or she is signed out. The default time that a user is allowed to stay idle before being signed out is 90 seconds. The value must be at least 10 seconds, and there is no maximum.

    Sign out user if more than one IP address is detected during an active session: Select this option if the user's IP address must be validated when authenticating with the session cookie as an additional security measure.

  3. Click Apply to save the changes.
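
The following added example (not Bizzdesign code) models how the settings above interact, using the defaults and minimums stated on this page. The class, field and function names, the order in which the checks are applied, and the sample IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

ACCESS_TOKEN_LIFETIME = 300  # seconds; default access token lifetime stated on this page


@dataclass
class SessionSettings:  # hypothetical container, field names are not Horizzon's
    session_timeout: int = 43200  # page default (12 hours)
    idle_after: int = 3600        # page default (1 hour)
    idle_timeout: int = 90        # page default
    validate_ip: bool = False     # "Sign out user if more than one IP address is detected"

    def problems(self, token_lifetime=ACCESS_TOKEN_LIFETIME):
        """Return the constraints from this page that the values violate."""
        out = []
        if self.session_timeout < 60:
            out.append("session_timeout below 60 s minimum")
        if self.session_timeout <= token_lifetime:
            out.append("session_timeout not above access token lifetime")
        if self.idle_after < 60:
            out.append("idle_after below 60 s minimum")
        if self.idle_timeout < 10:
            out.append("idle_timeout below 10 s minimum")
        return out


def unattended_window(s):
    """Longest time (s) an abandoned browser stays signed in under these settings."""
    return min(s.session_timeout, s.idle_after + s.idle_timeout)


def session_state(s, started, start_ip, last_activity, now, ip):
    """Assumed model of what a request at time `now` from address `ip` encounters."""
    if s.validate_ip and ip != start_ip:
        return "signed_out_ip_change"
    if now - started >= s.session_timeout:
        return "expired_reauthenticate"   # absolute limit, activity does not extend it
    inactive = now - last_activity
    if inactive >= s.idle_after + s.idle_timeout:
        return "signed_out_idle"          # prompt was shown and not answered in time
    if inactive >= s.idle_after:
        return "idle_prompt"              # continue / sign out message is showing
    return "active"


if __name__ == "__main__":
    d = SessionSettings()
    print(d.problems(), unattended_window(d))
    print(session_state(d, 0, "198.51.100.7", 0, 3650, "198.51.100.7"))
```

With the defaults, an unattended session is signed out after 3690 seconds of inactivity, well before the 12-hour session timeout applies.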