Owner or Admins
New Relic's session configuration feature allows you to set limits on idle time before your users' browser sessions automatically expire. A message appears three minutes before the system logs them out. Users then need to sign back in to continue. For accounts configured with SAML Single Sign On (SSO), an additional option is available to set how often the users' browser sessions are re-authenticated.
Users and Restricted Users can view the time period for automatic timeout, but they cannot change it. To view the timeout value, go to account.newrelic.com > (account dropdown) > Account settings > Authentication > Session configuration.
Access to this feature depends on your subscription level.
The session configuration options provide an additional level of security to ensure that unattended browsers will automatically time out. Session values are automatically stored in the session cookie. Additional features include:
|Feature|Description|
|---|---|
|Easy setup|Admins use the slide bar in New Relic's user interface to select predefined time periods. Default is two weeks.|
|Coordination with sign-in option|If users select the option to Keep me signed in on New Relic's sign-in page, New Relic prompts them three minutes before the Session Configuration expiration setting.|
|Separate options available by role|Admins can choose for Restricted User sessions to never time out even if they select a session timeout setting. This is useful, for example, when you use a Restricted User login for demos.|
|Automatic inheritance for sub-accounts|By default, sub-accounts inherit the same session configuration as their master account.|
|Most restrictive by default|If users have multiple accounts, the most restrictive setting applies, regardless of which account the user is currently using.|
|Integration with SAML SSO logout URL|If the account's SAML SSO configuration does not include a logout URL, New Relic includes a link from Session configuration for the Owner to set it up. If the Admin is not also the Owner, a message about the SAML SSO logout URL requirement appears.|
|Additional re-authentication setting for SAML SSO|In addition to the session timeout option, Admins can select the time (15 minutes to 2 weeks, or never) for how often a SAML-authenticated browser session must be re-authenticated.|
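How the settings in the table above combine for one browser session, as an added example that is not New Relic's code. `AccountPolicy`, `effective_limits` and `session_state` are hypothetical names; the example assumes times in seconds, that the most-restrictive rule also covers the SAML re-authentication interval, and that the Restricted User exemption is applied per account before that rule.

```python
from dataclasses import dataclass
from typing import Optional

WARNING_SECONDS = 3 * 60   # the page: a message appears three minutes before logout
DAY = 24 * 60 * 60

@dataclass(frozen=True)
class AccountPolicy:                  # hypothetical model, not a New Relic API
    idle_timeout: Optional[int]       # allowed idle seconds; None models "never"
    saml_reauth: Optional[int]        # seconds between SAML re-auths; None = never
    exempt_restricted: bool = False   # checkbox: restricted users never time out

def most_restrictive(values):
    """Shortest finite limit wins; 'never' survives only if every account says never."""
    finite = [v for v in values if v is not None]
    return min(finite) if finite else None

def effective_limits(policies, restricted_user=False):
    """Return (idle_timeout, saml_reauth) across all of a user's accounts."""
    idle = most_restrictive(
        None if (restricted_user and p.exempt_restricted) else p.idle_timeout
        for p in policies)
    reauth = most_restrictive(p.saml_reauth for p in policies)
    return idle, reauth

def session_state(now, last_activity, authenticated_at, policies, restricted_user=False):
    """Classify a session as active, warn, idle_expired or reauth_required."""
    idle, reauth = effective_limits(policies, restricted_user)
    if idle is not None:
        idle_left = last_activity + idle - now
        if idle_left <= 0:
            return "idle_expired"          # user must sign back in
    if reauth is not None and now - authenticated_at >= reauth:
        return "reauth_required"           # activity alone does not extend this limit
    if idle is not None and idle_left <= WARNING_SECONDS:
        return "warn"                      # show the pre-logout message
    return "active"

# Constructed sample: one user who belongs to two accounts.
ACCOUNTS = [
    AccountPolicy(idle_timeout=14 * DAY, saml_reauth=None),   # default two weeks
    AccountPolicy(idle_timeout=30 * 60, saml_reauth=DAY),     # stricter account
]
```

A session with steady activity never reaches `idle_expired`, which is why the separate re-authentication interval matters for SAML accounts: it bounds how long an authenticated session can live regardless of activity.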
Select the session timeout value
The process for selecting the session timeout value is the same for both SAML and non-SAML configurations. For additional SAML configuration options, see SAML SSO browser reauthentication.
To select a predefined period for session timeouts with SAML SSO accounts, the account Owner must have previously identified the logout URL in the SAML SSO configuration settings. If this has not been set up, the account Admin can view the session timeout slide bar but not change it.
If the Admin is also the account Owner, the Session Configuration includes a link to go directly to New Relic's SAML SSO Configuration and identify the logout URL. For more information, see Setting up SSO.
To select a predefined period for session timeouts:
- Go to account.newrelic.com > (account dropdown) > Account settings > Authentication > Session configuration.
- Use the slide bar to select a time period for idle sessions to expire and log out automatically.
- Optional: Select the checkbox option if you don't want restricted users' browser sessions to expire.
- Select Save my changes.
Changes take effect immediately.
Select the SAML SSO browser reauthentication
To select a predefined period for SAML SSO-authenticated browser sessions to be re-authenticated:
- Go to account.newrelic.com > (account dropdown) > Account settings > Authentication > Session configuration.
- Use the SAML re-authentication time slide bar to select a time period for New Relic to check the browser session.
- Select Save my changes.
SAML timeout experience
If you are logged out due to a session idle timeout on an account configured for SAML, you will be sent to the New Relic login page. Because your account is configured for SAML, you do not have a direct New Relic login. To be redirected to your SAML provider for reauthentication:
- Enter your email address in the Email field.
- Leave the Password field blank.
- Click the Sign In button.
You will then be redirected to your SAML provider. Once reauthorized, you will then be returned to the New Relic website.