Sessions and Security

sessions & security settings are only available to turbine administrators use these settings to configure user sessions, password policies, and encryption details this section also allows you to specify the length of active user sessions and other security parameters for detailed instructions on setting up the authentication section of sessions & security, see enable saml for sso docid\ osp4aqbz20lwocljeznab and enable two factor authentication docid\ nrohwii9bgy1dbqsh8igv setting up session timeout parameters as an administrator, you control the amount of time a turbine session can remain active before the user is forced to re authenticate or log out and log back in to set up session timeout parameters from the sessions & security tab, click > to expand the session controls specify the length and the unit of time for the user session, then click save use the drop down menu to specify the session unit , such as hour(s) or minute(s) session timeout configuration when you adjust the timeout session parameters here, users will need to log out and log back in for the updated time frame to apply all user sessions will retain the previously set timeout value until their current sessions expire or they log out and log back in overriding a user's session timeout administrators can override a specific user's session timeout this can be useful, for example, when using a turbine session as a dashboard for a shared work area it can also be helpful when you need to immediately disable a user's session to override a user's session timeout from the admin panel , select users choose the user whose session timeout you want to override from the users list in the user's profile settings, click the session tab toggle the override this user's session timeout switch, and then specify the time frame for the override (minutes or hours) click save the minimum you can specify for this override is 1 minute the maximum is 5 years (43,800 hours or 2,628,000 minutes) the override goes into immediate effect once you click save setting up security parameters as an administrator, you have control over password reset intervals and the required complexity for user passwords this section also allows you to enable two factor authentication (2fa) for accessing turbine and specify an administrator email to receive security notifications to set up security parameters from the sessions & security tab, click > to expand the password controls specify a password expiration length in days the only other option is never users will be prompted to create a new password when this expiration date is reached note this setting does not apply to users synced from active directory use the drop down menu to select the appropriate value for minimum password complexity the available values are password complexity settings set the number of consecutive failed login attempts before a user's account is locked using the number of allowed failed logins field the minimum number of failed logins is 3, and the maximum is 10 specify the security notification email for your organization this email will receive notifications when user profiles are locked due to security issues best practices for sessions and security configuration consider the following best practices when configuring sessions & security parameters session timeout length set a shorter timeout for user sessions to minimize the risk of unauthorized access password complexity use a complexity level of 3 or 4 to ensure strong password protection against brute force attacks failed login attempts set a low limit on failed login attempts (e g , 3 5) to detect and block potential brute force attempts security notifications use a dedicated security email for receiving notifications to ensure timely responses to potential security threats for more information about two factor authentication, see enable two factor authentication docid\ nrohwii9bgy1dbqsh8igv