• /
  • EnglishEspañol日本語한국어Português
  • Log inStart now

Set session timeouts

Original user model

This doc is for users on our original user model.

New Relic's session configuration feature allows you to set limits on idle time before your users' browser sessions automatically expire.

Requirements

If you're on our newer user model, see Session settings.

Overview

Session configuration allows you to set limits on idle time before your users' browser sessions automatically expire. A message appears three minutes before the system logs them out. Users then need to sign back in to continue. For accounts configured with SAML Single Sign On (SSO), an additional option is available to set how often the users' browser sessions are re-authenticated.

Users and Restricted Users can view the time period for automatic timeout, but they cannot change it. To view the timeout value: Go to user menu > Account settings > Authentication > Session configuration.

Features

Tip

Owner or Admins

The session configuration options provide an additional level of security to ensure that unattended browsers will automatically time out. Session values are automatically stored in the session cookie. Additional features include:

Feature

Notes

Easy setup

Admins use the slide bar in the New Relic user interface to select predefined time periods. Default is two weeks.

Separate options available by role

Admins can choose for Restricted User sessions to never time out even if they select a session timeout setting. This is useful, for example, when you use a Restricted User login for demos.

Automatic inheritance for child accounts

By default, child accounts inherit the same session configuration as their parent account.

Most restrictive by default

If users have multiple accounts, the most restrictive setting applies, regardless of which account the user currently is using.

Integration with SAML SSO logout URL

If the account's SAML SSO configuration does not include a logout URL, New Relic includes a link from Session configuration for the Owner to set it up. If the Admin is not also the Owner, a message about the SAML SSO logout URL requirement appears.

Additional re-authentication setting for SAML SSO

In addition to the session timeout option, Admins can select the time (15 minutes to 2 weeks, or never) for how often a SAML-authenticated browser session must be re-authenticated.

Select the session timeout value

The process to select the session timeout value is the same for both SAML and non-SAML configurations. For additional SAML configuration options, see SAML SSO browser reauthentication.

To select a predefined period for session timeouts with SAML SSO accounts, the account Owner must have previously identified the logout URL in the SAML SSO configuration settings. If this has not been set up, the account Admin can view the session timeout slide bar but not change it.

If the Admin is also the account Owner, the Session configuration includes a link to go directly to New Relic's SAML SSO Configuration and identify the logout URL. For more information, see Setting up SSO.

To select a predefined period for session timeouts for users on our original user model:

  1. Go to: user menu > Account settings > Authentication > Session configuration.
  2. Use the slide bar to select a time period for idle sessions to expire and log out automatically.
  3. Optional: Select the checkbox option if you do not want restricted users' browser sessions to expire.
  4. Select Save my changes.

Changes take effect immediately.

Select SAML SSO browser re-authentication

To select a predefined period for SAML SSO-authenticated browser sessions to be re-authenticated:

  1. Go to: user menu > Account settings > Authentication > Session configuration.
  2. Use the SAML re-authentication time slide bar to select a time period for New Relic to check the browser session.
  3. Select Save my changes.

Redirect after SAML timeout

If you are logged out due to a session idle timeout on an account configured for SAML, you will be sent to the New Relic login page. Because your account is configured for SAML, you do not have a direct New Relic login. To be redirected to your SAML provider for authentication:

  1. Enter your email address in the Email field.
  2. Leave the Password field blank.
  3. Click the Sign In button.

You will then be redirected to your SAML provider. Once reauthorized, you will then be returned to the New Relic website.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.