What are the default timeouts for the SAML Identity Provider (IdP) & target applications?

  • Individual Applications (Service Providers) have their own timeouts; these are application dependent.
  • The NCEdCloud IAM Service RapidIdentity Portal:
    • Login Screen inactivity timeout (you go to the login screen but don't log in) = 5 minutes
      • If timed-out here, close the unused login window/tab, open a new window/tab and start over.
    • Once in the NCEdCloud portal, the inactivity timeout = 8 Hours
  • SAML assertion timeout = 5 minutes (the assertion itself is valid for 5 minutes)
    • Individual Applications (Service Providers) can have a different timeout for their session(s). If it is longer than 5 minutes and that timeout occurs, they will check the SAML assertion and then handle it however they choose.
  • In general it is best that users completely close their browser when they are done.
    • One example is Google Apps. If Google Apps is integrated with the IAM Service and a user logs in, they stay logged in until they close the browser, which could be days or weeks.
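
The difference between the 5-minute assertion lifetime and an application's own session timeout, as an added example (not NCEdCloud or RapidIdentity code). Only the 5-minute validity comes from this page; the function and class names, the 30-second clock-skew allowance and the 1-hour application idle timeout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamp format used in SAML 2.0

def build_assertion(issued, lifetime=timedelta(minutes=5)):
    """Constructed sample: unsigned, Conditions element only (5-minute validity)."""
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'<saml:Conditions NotBefore="{issued.strftime(FMT)}" '
            f'NotOnOrAfter="{(issued + lifetime).strftime(FMT)}"/>'
            '</saml:Assertion>')

def _ts(value):
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)

def assertion_is_current(xml_text, now, skew=timedelta(seconds=30)):
    """True only while NotBefore <= now < NotOnOrAfter, widened by the skew allowance."""
    # A real SP verifies the XML signature with a hardened parser before this step.
    try:
        cond = ET.fromstring(xml_text).find("saml:Conditions", NS)
        not_before = _ts(cond.attrib["NotBefore"])
        not_on_or_after = _ts(cond.attrib["NotOnOrAfter"])
    except (ET.ParseError, AttributeError, KeyError, ValueError):
        return False  # malformed or missing validity window: fail closed
    return not_before - skew <= now < not_on_or_after + skew

class SpSession:
    """Hypothetical SP session: assertion checked once at login, then its own idle timer."""
    def __init__(self, xml_text, now, idle_timeout):
        if not assertion_is_current(xml_text, now):
            raise ValueError("assertion outside its validity window")
        self.idle_timeout, self.last_seen = idle_timeout, now

    def touch(self, now):
        """Record activity; False means the SP session itself has idled out."""
        if now - self.last_seen >= self.idle_timeout:
            return False
        self.last_seen = now
        return True

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed issue time
    xml = build_assertion(t0)
    session = SpSession(xml, t0 + timedelta(minutes=1), timedelta(hours=1))
    later = t0 + timedelta(minutes=40)
    print("session alive:", session.touch(later), "| assertion current:", assertion_is_current(xml, later))
```

Forty minutes after login the application session is still alive even though the assertion that created it expired long ago, which is why closing the browser matters more than the 5-minute assertion window.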
