UAG Session Timers and 2FA Authentication

    Question

  • I have been working with a UAG trunk that is authenticated by RSA SecurID. The trunk is aimed primarily to expose applications to mobile devices (phones or tablets). What we would like is to force the RSA authentication at least once a day on the device. I have set the forced logoff parameter on the trunk to reflect that. However, I have some test users that report being able to stay connected for much longer than that, even up to several days, without having to re-authenticate.

    Since these endpoint devices will not have the client components, I am wondering how much the session timers are actually working in this scenario?

    Monday, February 04, 2013 2:24 PM

All replies

  • The inactivity timeout and the scheduled logoff feature work independently of the client components. Should be working. Either something is wrong with your config or there is a bug. When one of these clients logs in, you can use the web monitor to look at the user's session. Move over to the "parameters" tab to see what that user's scheduled logoff is being set to. Remember scheduled logoff is in minutes, whereas inactivity timeout is in seconds. So if you want scheduled logoff once a day, it should be 1440 (mins). I'd also check that the clients are getting the type of session you are expecting, default vs privileged, so you know you are turning the feature on/off and setting the value in the right spot.
    Friday, February 08, 2013 5:40 PM