Managing Realm Settings
Overview
The Realm Settings screen allows for the configuration of basic settings which will apply to the whole realm and its users. Click Realm Settings within the navigation tree on the left to display the screen.
The manage-settings role is required in order to see the Realm Settings menu item and manage the default time zone settings. The eleveo.admin user has the manage-settings role assigned by default, as part of the user-management-admin composite role.
Configuring the Default Time Zone
It is possible to select a default time zone for all users in the realm. By default, this setting is the time zone selected during the original deployment, but it can be modified by an eleveo.admin or any other user with the manage-settings role. The default time zone setting can be overridden by selecting a time zone for an individual user, or by users themselves from the Manage Account section.
Select a time zone from the drop-down menu and click Save. Alternatively, click Cancel to abandon the changes.
The default time zone can be overwritten by setting a time zone for a specific user in their own user settings:
on the Details tab of the user's settings, by eleveo.admin. For more details, go to Editing Users.
on the Account details page of a user (in the Manage Account section), by users themselves. For more details, go to Configuring User Profile and Password.
Configuring Notifications
To be notified about license expiration, set the Expiration notification in days value. This value defines how many days before the license expiration an email notification will be sent. The email will be sent to all users with the manage-license role. Ensure that all these users have an email address configured in their settings.
The default value is 30 days; the maximum value is 99 days.
Modify the value if needed, then click Save. Alternatively, click Cancel to abandon changes.
Configuring Session Expiration
To configure the session expiration period, set the following values:
SSO Session Idle – time period a session can be idle before expiring; afterwards, a session expires and a user is logged out (default value: 30 minutes)
SSO Session Max – maximum length of a session; afterwards, a session expires and a user is logged out (default value: 10 hours)
Note:
These values should be 30 minutes by default and should not be changed. This is required by most security standards, such as PCI DSS (15 mins), NIST (30 mins max.), and OWASP (15-30 mins). Modifying these values may increase your security risk: it may lead to an increased risk of unauthorized access to the account, data leakage, leakage of session tokens/cookies, and even regulatory compliance issues.
Modify the values if needed, then click Save. Alternatively, click Cancel to abandon changes.
Note that an additional period of two minutes is always added to the configured SSO Session Idle value. As a result, if the configured value is, for example, 30 minutes, a session will expire after 32 minutes. These two minutes are added automatically in the background to support some corner-case scenarios related to the token expiration in cluster and cross-datacenter environments.