When accessing the Company Dashboard, Company Administrators and MURAL stakeholders will see a section called Security with the subsection titled "Sessions."
Here there are two parameters that can be configured:
- Authentication Token Storage
- Expire inactive company members’ sessions (Idle Timeout) -- currently in beta, contact support to join early access program.
Authentication Token Storage
With this setting Company Administrators can choose where the company members' JWT Tokens are stored.
By default, MURAL stores the authentication tokens in the local storage of the browser. With local storage, users aren't logged out unless the user erases their browsing data.
The options company administrators can select for this setting are:
- Local storage - Tokens persist even after the browser is closed and the same token can be used for different tabs.
- Session cookies - Cookies are deleted when the session ends. So, users will need to log in after they quit their browsers.
- Session storage - The token is automatically cleared when the browser’s tab is closed. Every time a new tab is opened users will have to sign in again.
Expire Inactive company members’ sessions (Idle Timeout)
Note: this feature is currently in beta, contact support to join early access program.
Idle Timeout is a security feature that allows Company Administrators to sign out company members’ sessions that are inactive after a pre-defined period of time. With this feature, you can rest assured that a user who is inactive for a preset amount of time will be signed out, safeguarding sensitive information that is stored in MURAL.
Company administrators can set the amount of inactive time before a user is automatically signed out. That user will need to log in to access their murals.