Original user model
This doc is for users on our original user model.
New Relic's session configuration feature allows you to set limits on idle time before your users' browser sessions automatically expire.
Requirements
If you're on our newer user model, see Session settings.
Overview
Session configuration allows you to set limits on idle time before your users' browser sessions automatically expire. A message appears three minutes before the system logs them out. Users then need to sign back in to continue. For accounts configured with SAML Single Sign On (SSO), an additional option is available to set how often the users' browser sessions are re-authenticated.
Users and Restricted Users can view the time period for automatic timeout, but they cannot change it. To view the timeout value: Go to user menu > Account settings > Authentication > Session configuration.
Features
Tip
Owner or Admins
The session configuration options provide an additional level of security to ensure that unattended browsers will automatically time out. Session values are automatically stored in the session cookie. Additional features include:
Feature | Notes |
---|---|
Easy setup | Admins use the slide bar in the New Relic user interface to select predefined time periods. Default is two weeks. |
Separate options available by role | Admins can choose for Restricted User sessions to never time out even if they select a session timeout setting. This is useful, for example, when you use a Restricted User login for demos. |
Automatic inheritance for child accounts | By default, child accounts inherit the same session configuration as their parent account. |
Most restrictive by default | If users have multiple accounts, the most restrictive setting applies, regardless of which account the user currently is using. |
Integration with SAML SSO logout URL | If the account's SAML SSO configuration does not include a logout URL, New Relic includes a link from Session configuration for the Owner to set it up. If the Admin is not also the Owner, a message about the SAML SSO logout URL requirement appears. |
Additional re-authentication setting for SAML SSO | In addition to the session timeout option, Admins can select the time (15 minutes to 2 weeks, or never) for how often a SAML-authenticated browser session must be re-authenticated. |
Select the session timeout value
The process to select the session timeout value is the same for both SAML and non-SAML configurations. For additional SAML configuration options, see SAML SSO browser reauthentication.
To select a predefined period for session timeouts with SAML SSO accounts, the account Owner must have previously identified the logout URL in the SAML SSO configuration settings. If this has not been set up, the account Admin can view the session timeout slide bar but not change it.
If the Admin is also the account Owner, the Session configuration includes a link to go directly to New Relic's SAML SSO Configuration and identify the logout URL. For more information, see Setting up SSO.
To select a predefined period for session timeouts for users on our original user model:
- Go to: user menu > Account settings > Authentication > Session configuration.
- Use the slide bar to select a time period for idle sessions to expire and log out automatically.
- Optional: Select the checkbox option if you do not want restricted users' browser sessions to expire.
- Select Save my changes.
Changes take effect immediately.
Select SAML SSO browser re-authentication
To select a predefined period for SAML SSO-authenticated browser sessions to be re-authenticated:
- Go to: user menu > Account settings > Authentication > Session configuration.
- Use the SAML re-authentication time slide bar to select a time period for New Relic to check the browser session.
- Select Save my changes.
Redirect after SAML timeout
If you are logged out due to a session idle timeout on an account configured for SAML, you will be sent to the New Relic login page. Because your account is configured for SAML, you do not have a direct New Relic login. To be redirected to your SAML provider for authentication:
- Enter your email address in the Email field.
- Leave the Password field blank.
- Click the Sign In button.
You will then be redirected to your SAML provider. Once reauthorized, you will then be returned to the New Relic website.