Configure session management
A web session refers to an authenticated instance of your Zoho One account. To put it simply, a web session is created every time you sign in to your account from a browser or device, and is ended when you sign out. Signing in from your laptop is considered a web session. Signing in from a different browser in the same laptop is considered a separate web session and signing in from a mobile browser is also considered a web session. However, signing in from a native mobile app is not considered a web session.
Unaccounted web sessions can pose serious threats to your security, which is why managing your users' sessions is an essential part of organizational administration.
The major problem posed by unaccounted sessions is that as end users, it's easy to lose track of how many unsafe browsers or devices you're currently signed in from. Let's take a look at an example. Jacalyn is a sales representative at Zylker Corp. Due to the nature of her job, she travels around a lot and often connects to work remotely. She usually uses her laptop to connect, and sometime her mobile phone. Since those are personal devices, she never signs out of them. On rare occasions, she connects from internet cafes, and out of habit she does not sign out from them once she's done. Now she has three active sessions, one of which is in a public computer, open for anyone to access. Jacalyn has now put her account and her organization at risk.
Zoho One's session management enables you to protect your organization from these unaccounted sessions, with these three settings:
- Session Lifetime: This setting automatically signs your users out of a session after the specified number of days. If Zylker Corp's admin set the session lifetime as 30 days, Jacalyn will be forced to reauthenticate herself every month. Assume she upgrades her mobile phone and sells her old one. Even if she forgot to sign out of it, the session will automatically expire in at most a month.
- Idle Session Timeout: This setting automatically signs your users out of a session if they haven't used it in the specified time period. For example, if Zylker Corp's sysadmin set the idle session timeout as one hour, Jacalyn's public computer session will automatically expire an hour after she stops using it, reducing the risk.
- Concurrent Sessions: This setting specifies how many browsers or devices a user can be signed in from at a time. For instance, if Zylker Corp's sysadmin set the concurrent session as two, Jacalyn would be able to sign in from only two devices at a time. So once she comes back from the public computer and starts using her regular devices, she'll automatically be signed out of the public computer, thereby preventing any security incident.
Note: The configured settings will apply only to the sessions created by a user after the policy is applied to them.
To configure session management:
- Sign in to Zoho One
, the click Admin Panel in the left menu.
- Go to Security, click Security Policies, then click on the policy you want to configure.
- Go to Advanced Settings, then set the Session Lifetime, Idle Session Timeout, and Concurrent Sessions.
- Click Update.
Note: To manually manage the sessions of individual users, use the Account Activity tab in their user information page.
Related Articles
Session
What is a session? A session is a specific instance of a presentation or screen share that includes information about the attendees and their participation as well as the content that the trainer delivered. Face-to-Face session is for in-room ...User Management
The User Management section allows you, as the super admin or admin, to add technicians to your organization. The number of technicians you can add depends on the number of licenses you have purchased. Invites can be sent one by one or to a group of ...Deliver a remote session using ShowTime Web
ShowTime Web allows you to broadcast your voice and video, screen share, showcase videos and present slideshows to attendees in different locations. By default, when you begin, ShowTime audio and video will be enabled. You can start a session either ...Email project management
Zoho Projects now supports email based project management. Now, you can easily manage your projects with emails. It saves time and gets your work done in just a click. You can add notes for your tasks, associate documents with a task, post comments ...Mailing list management
List management is a macro level to deal with contacts and take actions on them at your convenience. This provides a detail view of contacts with respect to mailing lists. Create list Once you create your Zoho Campaigns account, you'll be redirected ...