Constellation: Implement Session/Inactivity timeout

Use Case:
Organizations want to improve security by automatically logging out users after a period of inactivity. This reduces the risk of unauthorized access if a user leaves their workstation unattended.

The inactivity (authentication) timeout setting for an Access Group in Pega ensures that if a user is inactive in their browser session for a specified number of seconds, they are automatically logged out. Before logout, users receive a warning with options to continue their session or log out.

Steps to Configure Inactivity Timeout for an Access Group

1. Access the Access Group

  • Go to Records > Security > Access Group in the navigation panel.
  • Select or create the desired Access Group.

2. Open Advanced Settings

  • Click the Advanced tab.
  • Navigate to the Access Control section.

3. Set Authentication Timeout

  • In the Authentication timeout field, enter the number of seconds of inactivity allowed (minimum 60 seconds).
    • Example: Enter 600 for 10 minutes.

4. Save Your Changes

  • Save the Access Group configuration.

How It Works

  • After the specified inactivity period, a popup warns the user 45 seconds before logout, showing a countdown.
  • The popup is accessible: it announces remaining time at 45, 30, 20, 10, and 5 seconds.
  • The user can click Continue session (resetting the timer) or Log out.
  • If no action is taken, the user is logged out and cached data is cleared. Clipboard and session context remain intact.
  • Applies to both Traditional UI and Constellation Portals.
  • For offline-enabled apps, the timeout is enforced when the user performs their next action.
  • If authentication is managed externally, leave the field blank to disable this feature.
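
One way to check exported Access Group settings against the rules above, as an added example that is not part of the original post and is not Pega tooling. The record layout, the external_auth flag and the 900-second policy ceiling are assumptions; only the 60-second minimum and the blank-means-disabled behavior come from the steps above.

```python
# Added example. Record layout (name / authentication_timeout / external_auth)
# is a hypothetical export format; MAX_POLICY_SECONDS is an assumed policy.
MIN_SECONDS = 60          # field minimum stated in the steps above
MAX_POLICY_SECONDS = 900  # assumed organizational ceiling (15 minutes)


def audit_access_group(group):
    """Return a list of (severity, message) findings for one record."""
    name = group["name"]
    raw = (group.get("authentication_timeout") or "").strip()
    external = bool(group.get("external_auth"))

    if raw == "":  # a blank field disables the inactivity logout
        if external:
            return []  # expected when authentication is managed externally
        return [("high", f"{name}: timeout blank, inactivity logout disabled")]

    if not (raw.isascii() and raw.isdigit()):
        return [("high", f"{name}: {raw!r} is not a whole number of seconds")]

    seconds = int(raw)
    findings = []
    if seconds < MIN_SECONDS:
        findings.append(("high", f"{name}: {seconds}s is below the {MIN_SECONDS}s minimum"))
    elif seconds > MAX_POLICY_SECONDS:
        findings.append(("medium", f"{name}: {seconds}s exceeds the {MAX_POLICY_SECONDS}s policy"))
    if external:
        findings.append(("info", f"{name}: timeout set although authentication is external"))
    return findings


def audit(groups):
    """Audit every record; findings are returned most severe first."""
    order = {"high": 0, "medium": 1, "info": 2}
    findings = [f for g in groups for f in audit_access_group(g)]
    return sorted(findings, key=lambda f: order[f[0]])


# Constructed sample records (not real Access Groups).
SAMPLE_GROUPS = [
    {"name": "Sample:Users", "authentication_timeout": "600", "external_auth": False},
    {"name": "Sample:Managers", "authentication_timeout": "", "external_auth": False},
    {"name": "Sample:SSOUsers", "authentication_timeout": "", "external_auth": True},
    {"name": "Sample:Kiosk", "authentication_timeout": "30", "external_auth": False},
    {"name": "Sample:Authors", "authentication_timeout": "3600", "external_auth": False},
]

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_GROUPS):
        print(f"[{severity}] {message}")
```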

@RameshSangili great knowledge sharing!

For readers' reference, you can also find more details in PegaDocs