A session lifetime defines a session duration. Session lifetime is an important security feature because it prevents administrators from keeping sessions open indefinitely, which would leave those sessions vulnerable to unauthorized access. When you edit a session lifetime, you can change settings such as the maximum session lifetime and how long a session can be idle before the system closes it.
Each time an administrator logs on to the Security Console, Operations Console, or Self-Service Console, the following sessions are created:
Up to ten administrators can be logged on at the same time.
You can create different sets of session attributes for the primary instance and the replica instance.
Logon Session settings control the lifetime for sessions that are abandoned or have not completed the authentication process. These settings affect the following types of logon sessions:
Security Console (administrators)
Operations Console (administrators)
Self-Service Console (non-administrative)
Users who are authenticating through risk-based authentication (non-administrative)
The defaults for these settings are three minutes idle time-out and eight minutes of total lifetime.
Extensible Authentication Protocol (EAP) Session settings control the initial session lifetime for EAP32 Sessions.
The Console and Command API Session settings control the authenticated or active sessions for administrators in the web-based consoles or the command application programming interface (API). The default settings are 30 minutes idle time-out and 8 hours of total lifetime.
The Authentication Manager web-based administrative consoles are the Security Console and the Operations Console. The command API is used by programmers, web developers, or systems engineers responsible for developing custom software applications that interact with the Authentication Manager system. For information on the command API, see the RSA Authentication Manager Developer’s Guide.
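The following added example (not code from RSA Authentication Manager or its documentation) models how an idle time-out and a maximum lifetime interact, using the default values stated above. The policy keys, the `Session` fields, the function names and the choice to expire a session exactly at the limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Defaults quoted on this page: (idle time-out, maximum lifetime).
# The dictionary keys are hypothetical labels, not product setting names.
POLICY = {
    "logon": (timedelta(minutes=3), timedelta(minutes=8)),
    "console_api": (timedelta(minutes=30), timedelta(hours=8)),
}

@dataclass
class Session:
    kind: str                # "logon" or "console_api"
    created: datetime        # when the session was created
    last_activity: datetime  # most recent request seen on the session

def session_state(s: Session, now: datetime) -> str:
    """Return 'active', 'expired_idle' or 'expired_lifetime'."""
    idle_limit, max_lifetime = POLICY[s.kind]
    # The maximum lifetime is measured from creation; activity never extends it.
    if now - s.created >= max_lifetime:
        return "expired_lifetime"
    # The idle clock restarts on every request.
    if now - s.last_activity >= idle_limit:
        return "expired_idle"
    return "active"

def seconds_until_close(s: Session, now: datetime) -> float:
    """Time left before the first limit is reached, assuming no further activity."""
    idle_limit, max_lifetime = POLICY[s.kind]
    deadline = min(s.created + max_lifetime, s.last_activity + idle_limit)
    return max(0.0, (deadline - now).total_seconds())

# Constructed sample sessions, all created at the same instant T0.
T0 = datetime(2024, 1, 1, 9, 0, 0)
BUSY_ADMIN = Session("console_api", T0, T0 + timedelta(hours=7, minutes=50))
IDLE_ADMIN = Session("console_api", T0, T0 + timedelta(minutes=10))
SLOW_LOGON = Session("logon", T0, T0 + timedelta(minutes=7))
ABANDONED_LOGON = Session("logon", T0, T0)

if __name__ == "__main__":
    now = T0 + timedelta(hours=7, minutes=55)
    print(session_state(BUSY_ADMIN, now), seconds_until_close(BUSY_ADMIN, now))
```

The busy administrator session shows the point of having both limits: it was active five minutes ago, yet it has only 300 seconds left because the 8-hour maximum lifetime is reached before the 30-minute idle time-out.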