What is Session Security?
Session security, also known as auto logout, enhances the security of an agent's account in Service Desk. It automatically logs out the user from service desk if the account activity is inactive for a specified period. Session security is an essential mechanism using which you can implement modern security practices in the service desk platform thereby safeguarding sensitive information from unauthorised access. This article will explain about session security and how to configure and enable it in your Service Desk.
Session security lets the account admin to configure the timeout criteria on which an admin or an agent session should be logged out automatically if it is inactive for a certain amount of time.
Agent inactivity can be determined by various factors as explained below.
- Service Desk was open in the browser but was not the active tab for a certain time interval.
-
Service Desk was the active tab in the browser, but there were no keyboard or mouse movements recorded for a certain time interval.
- Service Desk was not open in the browser.
Required Permission
Manage Security Settings
-
Agents with this permission will be able to access the Security module under Service Desk > Manage > General Settings section
-
This is a Account Level Permission.
How to setup Session Security in Service Desk?
1. Navigate to Main Menu > Manage > General Settings section > Security > Session Security (tab)
2. Timeout Value
-
By default, the auto logout timeout value is set to 24 hours, which means the user will be logged out automatically if the user’s login session remains inactive even after 24 hours.
-
Configure the Timeout duration after which the agent should be logged out.
-
The time period can be configured from a minimum of 15 minutes to a maximum of 30 days i.e. 720 hours.
-
If the agent is participating in auto-assignment, the agent will be marked as Unavailable after the session timeout.
3. Once the Timeout Value is set the user’s activity will be polled and agent will be warned to remain active minute before the session timeout.
4. In Addition you can enable or disable the below settings based on the need.
-
Display remember me option during agent login
-
Display remember me option during requester login
Note:
-
Only agents with Manage Security permission can view and configure session security within the Security module.
-
Keyboard press and mouse hover will be considered for the agent session to be active.
Benefits
-
Improved Account Security
-
Mitigation of Data Breach Risks
-
Compliance and Regulations
-
Protection Against Unauthorised Use