Security

Session Cookie Length

User session duration before going back to the User Provider. We recommend setting this value to: After closing the browser or to a short duration (1 or 3 days).

Same Site Cookie

This controls how the user session cookie is secured. Most browsers now prevent cookies from being sent when doing cross-origin calls and this setting will need to be change. Please refer to the SameSite documentation to learn more about this setting before changing it.

Maximum number of concurrent sessions

Limit the number of concurrent sessions for a user. If this value is empty, there is no limit. When a user tries to open more session than the allowed maximum number, the oldest session is automatically terminated.

Inactivity timeout in minutes

The number of minutes after which a session will be terminated for inactivity. If this value is empty, there is no timeout. When a session is terminated this way, the user will need to re-authenticate using the User Provider.

Cross-Origin Resource Sharing

Enable CORS on requests. It is also possible to restrict from which domain CORS calls are accepted.

Frame Ancestors

Allow the Digital Enterprise Suite to be embedded in a frame/iframe from a different domain. It is also possible to restrict the domains for which the embedding will be accepted.