Modifying Session Timeout Settings

Overview

Session timeout settings in Practifi define how long a user session can remain idle before the system automatically ends it. This feature is a critical security measure that helps protect sensitive business data by preventing unauthorized access if a user forgets to log out or leaves their device unattended. Beyond security, session timeouts also support compliance with industry regulations and free up system resources by closing inactive sessions. By enforcing session timeouts, organizations can strike the right balance between usability, data protection, and regulatory requirements. This article outlines how to modify session timeout settings to suit your organization's needs. 

• Organization Session Timeout Settings
• Profile Session Timeout Settings

Organization Session Timeout Settings

Setting session timeouts at the organization-wide level in Practifi ensures consistency, security, and compliance across all users. By applying the same timeout policy across the organization, administrators can ensure everyone follows the same standard for protecting sensitive data, regardless of role or department. An organization-wide policy helps eliminate gaps where individual profiles might have weaker settings and reduces the risk of accidental data exposure. An organization-wide setting also simplifies administration by eliminating the need to manage separate settings for each profile, making policies easier to maintain, enforce, and audit. 

By default, your Practifi organization has a session timeout of two hours. Sessions longer than two hours can pose security and compliance risks. Extended sessions increase the likelihood of unauthorized access if a user leaves their device unattended or a laptop is lost or stolen, because sensitive data remains accessible without reauthentication. Consider this risk when modifying your organization's session timeout settings. 

To adjust an organization's session timeout settings:

1. Navigate to Salesforce Setup by clicking the gear icon in the upper right-hand corner of the page and selecting Setup from the drop-down menu. 

   

2. From Setup, use the Quick Find search to search for and select Session Settings.
   
   
    
3. Locate the Session Timeout section at the top of the page. It may require scrolling up depending on where the page has loaded. 
   
   
    

4. From the Timeout Value drop-down, select the desired session length for your organization. The default value for this drop-down is two hours.

   Please note: Salesforce updates the last active session time value every five minutes. So if your organization has a 30-minute timeout and a user updates a record at the three-minute mark, Salesforce checks for activity and refreshes their session at the five-minute mark. If the user makes no further updates, the total session length is 35 minutes.

   

5. Once your adjustments are made, scroll down to the bottom of the page and click Save to finalize this change.

   

Profile Session Timeout Settings

While defining session timeout settings at the organization level is preferred, you may want to set them at the profile level in Practifi when different roles in your organization have varying levels of security risk or distinct productivity needs. For example, highly privileged users, such as system administrators, often handle sensitive data and therefore benefit from shorter sessions to reduce exposure if their sessions are left unattended. 

On the other hand, roles like advisors or client service reps who need to stay logged in continuously while handling clients may require longer sessions to avoid frequent disruptions. By tailoring session timeout policies to each profile, you can balance strong security controls for high-risk roles with efficient workflows for everyday users, ensuring compliance and usability across the organization.

To adjust a profile's session timeout settings:

1. Navigate to Salesforce Setup by clicking the gear icon in the upper right-hand corner of the page and selecting Setup from the drop-down menu. 
   
   
    

2. From Setup, use the Quick Find search to search for and select Profiles.

   

    

3. Select the profile you would like to modify. Standard profiles used in Practifi are as follows:
   • System Administrator
   • Practifi User - Salesforce
   • Practifi User - Salesforce Platform
4. On the profile's page, click the Edit button. 
   
   
    
5. Scroll down to the Session Settings section. 
   
   
    
6. From the Session Times Out After drop-down, select the desired session length for the profile. The default value for this drop-down is two hours.
   
   
    
7. Once your adjustments are made, scroll down to the bottom of the page and click Save to finalize this change.