AWS SSO/IdC User Access Portal Timeouts

0

Hello,

Is there a way to change the session duration of the AWS SSO/Identity Center user access portal itself (i.e. the page at companyname.awsapps.com/start)? That portal seems to have an 8 hour session duration, but our organization prefers a much shorter duration. We're using Active Directory as our identity source.

We've been able to configure the session duration of applications displayed in the portal to be shorter, which works as expected, but we need the portal itself to have a shorter session duration.

5 Answers
1

Unfortunately, this doesn't address our needs or use case. We're not using the User Portal to provide users access to the AWS management console. We use the user portal to provide users access to SAML federated applications.

We have the timeout of those applications set to one hour. However, if a user's session with that application times out, they just go back to the AWS user portal, click the icon of that app, and are immediately back in. We need the session to the AWS user portal to time out after one hour as well, forcing them to sign back in to AWS SSO/IdC before they can re-access one of these SAML-provided applications.

answered a year ago
1

That's for session manager within SSM, not for the user portal of AWS SSO. Doesn't seem like this is a possibility. We'll switch to another IdP instead of AWS SSO, then.

answered a year ago
0

Hello,

AWS Single Sign-On (SSO) enables you to customize the session duration to AWS accounts ranging from 1 hour up to 12 hours. You can configure session duration for each permission set so that you can optimize how long your users can access AWS Management Console and AWS CLI for your AWS accounts. For example, when your users need to run long-running operations, you can increase the session duration so that your users can complete the operation using a single session. To learn more about configuring session duration, see Set Session Duration.

Link: https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html

Hope this helps you with the question!

AWS
SUPPORT ENGINEER
answered a year ago
0

I checked your use case again and I believe that, in that case, you need to configure the session lifecycle on the Azure AD side (see: https://docs.microsoft.com/en-us/graph/api/resources/tokenlifetimepolicy?view=graph-rest-1.0). The lifetime of the session sets the maximum time a user can use the Amazon SSO web portal without re-authenticating to the external IdP.

Check out the link pasted above for additional details.

AWS
SUPPORT ENGINEER
answered a year ago
0

Hi, I am a Software Dev Engineer working on the AWS Identity Center team. The feature being requested, to configure the session duration for the access portal, is currently supported only for the IdentityCenter and ExternalIdp identity sources. More information here: https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html

Unfortunately, this feature is currently not supported for the AD identity source: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-app-session.html

AWS
answered a year ago
