Setting idle and session timeouts

Aarthi
Aarthi
  • Updated

There are often security or compliance reasons to enforce users be active when viewing data in Benchling, or re-authenticate regularly. You can control timeout length on your tenant with:

  • Idle timeouts control how long a user can be idle before they’re automatically logged out of Benchling. They help secure your work environment by minimizing opportunities for data to be exposed without supervision and are particularly useful where shared workstations are common.

  • Session length timeouts control the maximum time a user can be logged into Benchling before they’re forced to re-authenticate. They ensure anyone using Benchling has current credentials, especially when using your own identity provider to authenticate users.

It’s common to use both settings.

Timeout recommendations

We recommend starting with the following settings:

    • Idle timeout: 720 minutes (12 hours)
    • Session length timeout: 144 hours (6 days)

These values are set to balance security while minimizing disruption to user experience, and are what we set by default for new tenants.  Sessions requirements will vary based on your organization’s needs, so you may need to adjust these limits later.  Users on the Academic tenant will also be subject to these limits, but do not have the option to change them.

 

Session requirements will vary based on your organization’s needs, so you may need to adjust these limits later.

You can’t set timeouts for periods of time below these minimums:

  • Idle timeout: 5 minutes, set in minute increments

  • Session length timeout: 12 hours, set in hour increments

Note: When determining timeout limits, we recommend setting the session length timeout longer than idle timeout. Not doing so is equivalent to having idle timeout disabled.

 

Considerations for authenticating using your own identity provider

If you're using your own identity provider to authenticate, like SAML authentication, ensure the identity provider app session length is configured at or below the Benchling idle timeout. If not, the existing browser session might allow the user to log in without re-entering their credentials.

Below are instructions to configure session length for some of our most common identity providers:

Timeout user experience

The table below describes the user experience for each timeout limit while the user is within and approaching the end of a session.

Manage timeout limits

You can manage both timeout limits in the Tenant Admin Console:

  1. Click your initials in the bottom-left corner, then select Tenant Admin Console.

  2. Click Settings, then click Configurations.

 

 

Was this article helpful?

Have more questions? Submit a request