I would like to have an inactivity signout policy for my SPA.
I am using the Okta widget.
I am using Terraform.
There is a configuration policy for sign-on rules documented in Terraform.
I am unable to find the configuration for this inactivity timeout duration in the Okta admin UI.
The values for re_authentication_frequency are specific to Okta Org (domain) activity. For example, the Okta dashboard app, if 15 minutes goes by where a user does not click any links that would cause a request to the domain, then the session would need to re-authenticate/challenge/etc.
For applications like a SPA application, the okta-auth-js SDK does not track user activity in any way. The only thing the SDK does by default is keep track of token expiration and refresh tokens automatically if configured and running as a service.
There have been clients who have used token about to expire events to check if a session is still valid or should be logged out. You still need a way to keep track of activity by the user, however. If your SPA happens to make use of isAuthenticated() often you might be able to update an activity global variable here, but activity tracking functionality is not built into the frontend SDKs and is up to the app to track.
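A sketch of the app-side tracking described above, as an added example that is not part of the original posts and is not Okta SDK code. `InactivityTracker`, `handleTokenExpiring`, the storage key and the `renew`/`signOut` callbacks are hypothetical names; the callbacks stand in for whatever renew and sign-out calls the app makes when its SDK reports a token about to expire.

```javascript
// Added example. The SDK does not track activity, so the app records it.
// `store` is any object with getItem/setItem; pass window.localStorage in a
// browser so every tab of the SPA shares one last-activity timestamp.
const KEY = 'app.lastActivity'; // hypothetical storage key

function memoryStore() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
  };
}

class InactivityTracker {
  constructor({ idleLimitMs, store = memoryStore(), now = () => Date.now() }) {
    this.idleLimitMs = idleLimitMs;
    this.store = store;
    this.now = now;
    this.touch(); // loading the page counts as activity
  }
  touch() {
    this.store.setItem(KEY, this.now());
  }
  idleMs() {
    const last = Number(this.store.getItem(KEY));
    // Missing or corrupted value: report fully idle so the check fails closed.
    return Number.isFinite(last) && last > 0 ? this.now() - last : Infinity;
  }
  isIdle() {
    return this.idleMs() >= this.idleLimitMs;
  }
  // Wire UI events to touch(); returns a function that removes the listeners.
  attach(target, events = ['click', 'keydown', 'scroll', 'touchstart']) {
    const onEvent = () => this.touch();
    events.forEach((e) => target.addEventListener(e, onEvent, { passive: true }));
    return () => events.forEach((e) => target.removeEventListener(e, onEvent));
  }
}

// Call from the app's "token about to expire" handler: renew only when the
// user has been active, otherwise end the session instead of extending it.
function handleTokenExpiring(tracker, { renew, signOut }) {
  if (tracker.isIdle()) {
    signOut();
    return 'signed-out';
  }
  renew();
  return 'renewed';
}
```

In a browser, create one tracker with `store: window.localStorage`, call `attach(window)` once at startup, and call `touch()` wherever the app already checks authentication state.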
Hi @broeks you can also check out Refresh token inactivity in your Access Policy. You can set a rule in your Access Policy so that your refresh token will expire if it is not used within a defined period of time.