There are a number of security features that limit the length of an active log-in session in the AppCheck portal. If you find yourself unexpectedly presented with the AppCheck login screen while you were working in the AppCheck portal, your session was most likely terminated by one of these features.
Session Length
Sessions are limited to 120 minutes. You will be asked to re-authenticate after this time.
This is not based on level of activity; sessions will end after this time even if you have been actively working in the portal throughout.
IP Session Pinning
Sessions are restricted to a single source IP address (the IP address from which requests are sent, ie the user's public IP address). If requests are received from a different IP address the authenticated session is immediately ended and the user is prompted to re-authenticate.
The most common reason for a user's requests to come from varying IP addresses is the use of multiple outbound gateways within an organisation, meaning your outgoing requests may be load-balanced between two or more gateways each with a different public IP address, thus presenting a different source IP address to AppCheck for each request.
Other potential reasons include connecting or disconnecting from a network, such as a VPN or WiFi network (where you might fail over to a cellular connection, for example).
IP Pinning is a security feature to prevent unauthorised access. We recommend leaving this feature enabled and speaking to your network managers to arrange for your outgoing requests to be routed through a single public IP address, or resolving problems with your networks causing dropouts, as appropriate.
However, if you do wish to disable this feature you can find the option at the following location in the AppCheck portal:
- Settings
- Security Settings
- Enable IP session pinning
- Security Settings
This feature applies to all users of your organisation; it cannot be enabled/disabled on a per-user basis. Consequently, only Admin users can change this setting.
Comments
0 comments
Article is closed for comments.