Strengthen account security with features that manage session duration and control access. This guide will explain session time-outs and IP allow lists, available through Enterprise Shield.
Establish session time-outs
To help Enterprise Shield customers maintain secure access and control over user sessions, Lucid offers two configurable time-out features: max session time-out and idle session time-out. These settings allow account owners, admins, and Shield admins to automatically log users out after a defined session duration, either based on total time logged in or length of inactivity.
For SAML users, re-authentication will route them through their identity provider (IdP).
Max session time-out
Max session time-out requires users to re-authenticate after a set period, regardless of activity. This feature promotes regular re-authentication and reduces risk by limiting the amount of time an attacker could maintain access in the event of a compromised session. By default, max session time-out is automatically turned on and set to 30 days for all Enterprise Shield customers, but this period is adjustable.
Idle session time-out
Idle session time-out automatically signs users out after a period of inactivity, helping protect your account from unauthorized access if a session is left unattended. Limiting the duration of inactive sessions reduces the risk of unauthorized access and accidental data exposure.
Both session time-out features are accessible from the security authentication page in the Lucid admin panel and offer flexible time limits. The max session time-out can range from two hours to 365 days, and the idle session time-out can be set from 15 minutes to 14 days.
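The two time-outs interact in a way that is easy to get wrong when you build or audit session handling: activity refreshes the idle clock but must never extend the absolute one. The following Python is an added example (not Lucid's code) that models both checks using the default and the configurable ranges stated above; the `SessionPolicy`, `Session`, `evaluate_session` and `record_activity` names, and the rule that an idle value of `None` disables the idle time-out, are assumptions for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Bounds mirror the ranges stated in the article; the 30-day default is also
# the article's. The enforcement logic is an assumed model, not the product's.
MAX_SESSION_RANGE = (timedelta(hours=2), timedelta(days=365))
IDLE_SESSION_RANGE = (timedelta(minutes=15), timedelta(days=14))


def _check_range(name: str, value: timedelta, bounds) -> None:
    low, high = bounds
    if not low <= value <= high:
        raise ValueError(f"{name} must be between {low} and {high}, got {value}")


@dataclass(frozen=True)
class SessionPolicy:
    """Admin-configured time-outs. idle_session=None means idle time-out is off (assumed)."""
    max_session: timedelta = timedelta(days=30)
    idle_session: Optional[timedelta] = None

    def __post_init__(self) -> None:
        _check_range("max session time-out", self.max_session, MAX_SESSION_RANGE)
        if self.idle_session is not None:
            _check_range("idle session time-out", self.idle_session, IDLE_SESSION_RANGE)


@dataclass
class Session:
    authenticated_at: datetime   # when the user last completed (re-)authentication
    last_activity_at: datetime   # refreshed on each request; never moves authenticated_at


def evaluate_session(session: Session, policy: SessionPolicy, now: datetime) -> str:
    """Return 'active', 'expired_max' or 'expired_idle'.

    The absolute check runs first: activity can keep a session alive against the
    idle limit, but nothing short of re-authentication resets the absolute limit.
    """
    if now - session.authenticated_at >= policy.max_session:
        return "expired_max"
    if policy.idle_session is not None and now - session.last_activity_at >= policy.idle_session:
        return "expired_idle"
    return "active"


def record_activity(session: Session, policy: SessionPolicy, now: datetime) -> str:
    """Handle one request: only a still-active session gets its idle timer refreshed."""
    state = evaluate_session(session, policy, now)
    if state == "active":
        session.last_activity_at = now
    return state


if __name__ == "__main__":
    # Constructed sample timeline: default 30-day max, 15-minute idle.
    policy = SessionPolicy(idle_session=timedelta(minutes=15))
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    s = Session(authenticated_at=t0, last_activity_at=t0)
    print(record_activity(s, policy, t0 + timedelta(minutes=10)))  # active, idle clock refreshed
    print(record_activity(s, policy, t0 + timedelta(minutes=40)))  # expired_idle (30 min silent)
    busy = Session(authenticated_at=t0, last_activity_at=t0 + timedelta(days=31))
    print(record_activity(busy, policy, t0 + timedelta(days=31, minutes=1)))  # expired_max
```

The constructor rejects values outside the ranges the article gives (for example a one-hour max or a ten-minute idle limit), which is the check an admin tool should make at save time rather than discovering a misconfiguration at login.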
For detailed setup instructions and additional information, refer to our Enterprise Shield add-on overview article.
Specify which IP addresses are allowed to access your account
To restrict account access to specific IP addresses, enable the IP allow list feature by checking the box and entering the allowed IP addresses or ranges using CIDR notation (e.g., 192.168.2.0/24). This feature ensures users can only log in from approved locations, enhancing security by preventing access from unauthorized IP addresses.
Enable the IP allow list feature when you want to:
- Restrict access to corporate offices or physical locations.
- Enforce access only through your company’s VPN.
- Comply with internal security or industry-specific compliance requirements.
- Prevent account access from public or unsecured networks.
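Before enabling an allow list it helps to see exactly how CIDR matching decides a login, including the two cases that cause lock-outs in practice: an address family mismatch (an IPv4-only list silently blocks IPv6 clients) and a list that does not cover the admin's own address. The following Python is an added example (not Lucid's code) using the standard `ipaddress` module and the article's `192.168.2.0/24` range; the function names, the "enabled but empty list denies everyone" rule, and the `lockout_risk` pre-save check are assumptions for the illustration.

```python
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allow_list(entries: Iterable[str]) -> List[Network]:
    """Turn admin-entered CIDR ranges or single addresses into network objects.

    strict=False accepts an entry such as 192.168.2.5/24 (host bits set) and
    normalises it to 192.168.2.0/24; a bare address becomes a /32 (or /128).
    A malformed entry raises ValueError, so it is rejected when the list is
    saved rather than surfacing as a mystery lock-out at login.
    """
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]


def is_allowed(client_ip: str, networks: List[Network]) -> bool:
    """True if the client address falls inside any allowed range.

    An IPv6 address never matches an IPv4 range (and vice versa), so a list
    written only in IPv4 blocks users who reach the service over IPv6.
    """
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def evaluate_login(enabled: bool, entries: Iterable[str], client_ip: str) -> str:
    """Decision for one login attempt: 'unrestricted', 'allowed' or 'denied'."""
    if not enabled:
        return "unrestricted"
    networks = parse_allow_list(entries)
    # Assumed policy: an enabled list with no valid entries fails closed.
    return "allowed" if networks and is_allowed(client_ip, networks) else "denied"


def lockout_risk(admin_ip: str, entries: Iterable[str]) -> bool:
    """Pre-save check: would the admin saving this list be blocked by it?"""
    return not is_allowed(admin_ip, parse_allow_list(entries))


if __name__ == "__main__":
    # Constructed sample: the article's office range plus one VPN egress address.
    allow = ["192.168.2.0/24", "203.0.113.7"]
    for ip in ["192.168.2.77", "192.168.3.1", "203.0.113.7", "2001:db8::1"]:
        print(ip, evaluate_login(True, allow, ip))
    print("admin at 198.51.100.9 would be locked out:", lockout_risk("198.51.100.9", allow))
```

Run the `lockout_risk` check against the address the admin is currently connecting from (and, if users arrive through a VPN, against the VPN's egress addresses rather than client-side addresses) before turning the feature on.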
Note: These guides are here to help you get the most out of Enterprise Shield, but are not intended to address all scenarios or compliance requirements. You’re in the best position to decide how to configure your settings to ensure they meet your specific security and privacy needs.