Session timeout with SSO integration occurs more often than the value set in Jira Align
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Summary
In Jira Align, when using SSO integration to externally manage user authentication, the session of a logged-in user times out much earlier than the Session Timeout value set under Settings / Administration > Platform > Security (tab).
Diagnosis
User sessions have been disconnected earlier than expected, for example: "In Jira Align, although the Session Timeout was defined as 4 hours (240 mins), the users were forced to re-login again after 20-30 minutes".
Cause
This is caused by a mismatch of the timeout values set in the SSO product when compared to the Session Timeout value defined in Jira Align.
Solution
In both Jira Align and the SSO product, configure the timeout values to be the same (or match as closely as possible).
For example, if the Session Timeout is defined as 240 mins (4h) in Jira Align, but this value is given as 120 mins (2h) in Okta, users can be timed out unexpectedly because the two values do not match.
Solution: Choosing 240 mins for both products in the example above will work.
Specific details if using Okta as the SSO Product
First, find the session timeout value in Okta.
According to the Okta document "Enforce a limited session lifetime for all policies", a limited session lifetime is enforced for "all policies", and the default session lifetime in Okta is 2 hours.
Check the related "Session expires after" duration value in Okta. (This is the value we will use in Jira Align, as specified in the steps below.)
Then, update the session timeout value in Jira Align with a similar value.
Go to Settings / Administration > Settings > Platform in Jira Align. Check the value in the Session Timeout (Minutes) field. (Help page for Security settings: Session Timeout)
If necessary, update the Session Timeout (Minutes) field with the value that you got from the Okta side. (Please note that you will need to convert the Okta (seconds) value to minutes.)
Related Content:
Security settings in Jira Align Help page
Enforce a limited session lifetime for all policies in Okta Documentation
AD FS 2016 Single Sign On Settings in Microsoft Documentation