Zecurit provides robust session control settings to help you protect access to your environment by managing session behavior across your organization.
Only the Super Admin has permission to configure these settings.
What you can configure
Under Settings → Security → Session Settings, you can customize the following:
1. Session Expiry Period
Sets the maximum duration a user can stay signed in without requiring re-authentication.
- Default Setting: 15 days
- Effect: After the selected number of days, users will be logged out and prompted to log in again—regardless of activity.
Use this setting to enforce periodic logins for additional security.
2. Session Idle Timeout
Defines the amount of inactivity time after which a user will be automatically logged out.
- Default Setting: 6 hours
- Effect: If a user remains idle (no actions or clicks) for this duration, the session is terminated and they will need to log in again.
This helps prevent unauthorized access on unattended machines.
3. Concurrent Sessions Limit
Controls how many active sessions a user can have at the same time (e.g., on different browsers or devices).
- Default Setting: 3
- Effect: If a user tries to log in beyond the allowed limit, older sessions will be invalidated or blocked depending on system behavior.
Limits the risk of account misuse or session sprawl.
Important Notes
- These settings apply organization-wide and affect all users and technicians.
- Only the Super Admin can view and change session settings.
- Users will see a warning or be auto-logged out based on these policies.
Best Practices
- Combine session timeout controls with IP Restrictions and Two-Factor Authentication for enhanced access protection.
- Set shorter idle timeouts in high-security environments (e.g., shared workstations or public access areas).
- Regularly review session behavior from the Activity Log to audit usage patterns.