Session Lifetime Limits
A session lifetime defines a session duration. Session lifetime is an important security feature because it prevents administrators from keeping sessions open indefinitely, leaving them vulnerable to unauthorized access. When you edit a session lifetime, you can change settings such as the maximum session lifetime, and how long a session can be idle before the system closes it.
Each time an administrator logs on to the Security Console, Operations Console, or Self-Service Console, the following sessions are created:
Up to ten administrators can be logged on at the same time.
You can create different sets of session attributes for the primary instance and the replica instance.
Logon Session
Logon Session settings control the lifetime for sessions that are abandoned or have not completed the authentication process. These sessions affect the following types of logon sessions:
Security Console (administrators)
Operations Console (administrators)
Self-Service Console (non-administrative)
Users who are authenticating through risk-based authentication (non-administrative)
The defaults for these settings are three minutes idle time-out and eight minutes of total lifetime.
EAP32 Session Lifetime
Extensible Authentication Protocol (EAP) Session settings control the initial session lifetime for EAP32 Sessions.
Console and Command API Session
The Console and Command API Session settings control the authenticated or active sessions for administrators in the web-based consoles or the command application programming interface (API). The default settings are 30 minutes idle time-out and 8 hours of total lifetime.
The AM web-based administrative consoles are the Security Console and the Operations Console. The command API is used by programmers, web developers, or systems engineers responsible for developing custom software applications that interact with the AM system. For information on the command API, see the RSA Authentication Manager Developer’s Guide.
Types of Session Lifetime Settings
Session settings apply to the logon pages for the web-based administrative consoles, the command API interface described in the RSA Authentication Manager Developer’s Guide, and the risk-based authentication (RBA) logon attempts by end users. When a session times out or reaches the maximum lifetime, the logon page is redisplayed, and the user must log on again.
You can configure the following settings for sessions:
Time-out. The length of time that a session can be inactive before being terminated. The default setting is 30 minutes.
Maximum Lifetime. The maximum length of a session. When the console session reaches its session lifetime, the session is terminated and the administrator is logged off, regardless of whether the session is active. The default setting is eight hours.
These settings are independent of session inactivity. For example, if a console and command API session lifetime is eight hours, an administrator is automatically logged off after eight hours, even if there have been no periods of inactivity during the session.
Only a Super Admin can modify the console and command API session settings.
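The interaction of the two settings, as an added example that is not RSA code: a small Python model that replays request timestamps against a policy and reports when the session ends and which limit ended it. The names SessionPolicy and evaluate are hypothetical, the default values are the ones quoted on this page, and treating a session as ended at the exact second a limit is reached is an assumption.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class SessionPolicy:
    idle_timeout_s: Optional[int]  # None models "Time out idle sessions" left unselected
    max_lifetime_s: Optional[int]  # None models "Limit session lifetime" left unselected


# Defaults quoted on this page, in seconds.
LOGON_SESSION = SessionPolicy(3 * 60, 8 * 60)
CONSOLE_API_SESSION = SessionPolicy(30 * 60, 8 * 60 * 60)


def evaluate(policy: SessionPolicy, created_at: int, activity: Iterable[int],
             now: int) -> Tuple[str, Optional[str], Optional[int]]:
    """Replay request timestamps (seconds) and return (state, reason, ended_at)."""
    hard_end = None if policy.max_lifetime_s is None else created_at + policy.max_lifetime_s
    last_seen = created_at
    # Check every request in order, then the current time. The first limit that
    # is reached ends the session; later requests cannot revive it.
    for t in sorted(a for a in activity if created_at <= a <= now) + [now]:
        limits = []
        if policy.idle_timeout_s is not None:
            limits.append((last_seen + policy.idle_timeout_s, "idle_timeout"))
        if hard_end is not None:
            limits.append((hard_end, "max_lifetime"))
        if limits:
            ended_at, reason = min(limits)
            if ended_at <= t:  # assumption: boundary second counts as expired
                return ("terminated", reason, ended_at)
        last_seen = t  # only a request on a live session resets the idle clock
    return ("active", None, None)


if __name__ == "__main__":
    HOUR = 3600
    # Constructed sample: an administrator sends a request every 10 minutes for 9 hours.
    busy = range(600, 9 * HOUR, 600)
    print(evaluate(CONSOLE_API_SESSION, 0, busy, 9 * HOUR))
    # Constructed sample: one request at 10 minutes, then nothing until minute 50.
    print(evaluate(CONSOLE_API_SESSION, 0, [600], 3000))
    # Constructed sample: an abandoned logon page checked at 200 seconds.
    print(evaluate(LOGON_SESSION, 0, [], 200))
```

The first case shows the maximum lifetime ending a session that was never idle; the second shows the idle time-out ending a session well inside its lifetime.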
Edit Session Lifetime Limit
The Security Console applies new session lifetime settings only to subsequent logons. To apply the changes to the current session, you must either flush the cache or restart the services.
Before you begin
You must be a Super Admin.
Procedure
In the Security Console, click Setup > System Settings.
Under Console & Session Settings, click Session Lifetime.
Click the session type that you want to edit, and select Edit from the context menu.
Under Session Lifetime Settings, do the following:
Select Time out idle sessions, and enter the time-out duration, if you want to time out sessions after a period of inactivity.
Select Limit session lifetime, and enter the maximum lifetime of a session.
Click Save. Security Console will apply the changes from the subsequent log-in sessions.
If you wish to apply the changes in the current session, do one of the following:
Use the following command and restart the services:
cd /opt/rsa/am/server
./rsaserv restart console