By using AWS re:Post, you agree to the Terms of Use
/AWS SSO "User Portal" session timeout./

AWS SSO "User Portal" session timeout.

0

The AWS documentation for SSO has details on how to set a session duration for logging into the AWS console: https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html

I set this to 1 hour to test. However, a behavior I've noticed is that when clicking on the link for the "management console", it opens a new tab in the browser (leaving the "user portal" open in the previous tab. The management console tab expires after 1 hour but if you go back to the previous tab with the "user portal" still open, you can simply click on the link for the "management console" to open a new tab without the need to re-authenticate.

Is there a way to configure a session timeout for the "user portal" in SSO?

  • Can you detail which identity source you are using? SSO internal, AD, or an external identity provider?

2 Answers
0

Can you detail which identity source you are using? SSO internal, AD, or an external identity provider?

I'm using AzureAD as an external identity provider.

I guess you are using SAML 2.0 integration then? In that case you need to configure the session lifecycle on the Azure AD side. (see: https://docs.microsoft.com/en-us/graph/api/resources/tokenlifetimepolicy?view=graph-rest-1.0). The lifetime of the session set the maximum time a user can use the Amazon SSO web portal without re-authenticating to the external IDP.

EXPERT
answered a month ago
  • I don't see this attribute listed in AWS's list of SAML assertions though. The closest one I can find is SessionDuration but that only affects the AWS Management Console and not the AWS User Portal. Its uses 60 minutes as a default if not specified.

    So what this effectively does is it expires the AWS Management Console session after 60 minutes. However, if you can go back to the browser tab where you still have the User Portal open, you can click on the "Management Console" link to open a new session for 60 minutes without having to do any re-authentication with SAML.

    The "User Portal" seems to leave its session open for several hours (I think 8 but I need to test that)

0

Can you detail which identity source you are using? SSO internal, AD, or an external identity provider?

I'm using AzureAD as an external identity provider.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions