Safous ZTA platform has the capacity to create applications or policies and connect them through different kinds of connection protocols. Your connection protocol will dictate how to configure active sessions and/or when a session is idle and disconnects for a user. This article explains how the Safous ZTA platform defines different types of timeouts for Web, Native Protocols, and Agent-connections.
Web Protocol Connections
Web-based protocols include HTTP/S, RDP web, SSH web, VNC web, Telnet web, or SMB. Administrators can configure the amount of time a web-based session is active in the Admin Portal, Settings > ZTNA > Configurations > User Portal, under the Session block in the “Idle session timeout” field as noted in the screenshot below:
The field "Idle Session Timeout” is defined as how long a session is idle before it is disconnected and the user must re-login. “Idle” is defined as there are no requests to the remote application at all. For example, if a user is connected via a web-based protocol and a website refreshes, that is considered activity and thus the session is not idle. Or, in the case of RDP web, mouse movement will render the session not idle. The default for “Idle session timeout” for web-based connections is 30 minutes and can be configured by the Administrator.
Native Protocol Connections
Idle session time for the native protocol (RDP native and SSH native) is set on your organization’s server and is not configured within the Safous ZTA platform. The “idle session” time you have set on your server for these applications is what is relevant for you.
However, Administrators can configure native protocol (Native RDP and Native SSH but NOT network access via the agent policies), setting the amount of time users have to connect to the server once they click the tile for that application. This can be configured in the Admin Portal, under Policies in the “Native session access token will be valid for (minutes)” field as noted in the screenshot below:
The “Native session access token will be valid for (minutes)” field is the amount of time the user has to connect to the server once they click on the tile, and the default is set at 30 minutes.
Safous ZTA Agent
The “Access token lifetime in hours” field is the amount of time the token is valid for from the time it is created by the user. This field is defaulted to 24 hours but can be configured by the Administrator. When users connect with the token once, the connection automatically refreshes, unless the user logs out, or is otherwise forced to logout. If the user logs out, or is otherwise forced to logout, the token will become invalid and a sign-in will be required in order to create a new token.
