Best practice when using Session Timeout

Balancing Security and User Experience

Session Timeout is a delicate dance between ensuring your information remains private and providing a seamless online experience for end users completing content on the platform.

Below are some best practice tips to consider before using this function.

1. Enhancing Security

Setting a shorter Session Timeout duration will provide increased security by reducing the window of opportunity for potential unauthorised access. This is especially important if the platform contains sensitive business information or personal/special category data.

2. User Convenience

Conversely, longer Session Timeouts offer greater convenience for end users, as they won't need to log in as frequently. Striking the right balance is crucial to ensuring a secure environment without compromising user experience.

Admins have the option of setting the timeout between 30 minutes and 8 hours.

3. Striking the Right Balance with the 'Privileged User' Setting

Privileged Users, such as Admins and Business Users, often have access to much more personal data or sensitive business information than regular end users; therefore, they are at a higher risk of their session being accessed by an unauthorised individual.

Enabling the ‘Privileged Users Only’ setting ensures that only users with elevated permissions (e.g. Admins and Business Users) are automatically signed out after the timeout period. Regular end users will not be impacted by the Session Timeout, providing them with a better user experience when completing content. 
