cancel
Showing results for 
Search instead for 
Did you mean: 
james.man
Staff
Staff
Status: Not Planned

Consider adding a feature where idle users in the IC are forcibly logged out of the interactive client after a user definable time period

8 Comments
Walter.Koller
Level 11
would be nice if this feature will be also applied by exceptionally closed BP clients. If the client is not closed in a regular way there is only an log-on event but without log-out event.
This log-out event should be created after idle time period
AmyTsaousi
Community Team
Community Team

Hi James, thank you for submitting this idea. 

Before we can properly assess the impact of the idea, we need more information. Please can you share the exact use cases and benefits behind why you're suggesting this feature? 

Many thanks,

Amy

Walter.Koller
Level 11

I am not the creator of this idea but I thought I will add my thoughts on this, maybe it helps.

Having a time-out that adds an end-date/time to the login/logout audit events would create a complete and consistent view on user behavior. This can be used for

  • reports on user based utilization (eg how often do people use BP, do they still need access) 
  • answering audit questions 
  • get an accurate list of currently active users to be contacted (eg in case of unplanned downtime notifications)

Client side time-out: 

  • adds another level of security (eg Blue Prism portal also has time-out)
  • reduces overall system utilization and network traffic (especially when ASCR is not used)

The time-out limit has to be configurable. The best would be the configuration is at user role level, eg Admin and RR users won't be logged off

Hi @Walter Koller

Can I ask how this functionality not being present impacts you today? Appreciate having an auto-log off function would improve security generally, but I'm wondering whether this actually presents an ongoing issue for users today or is more of a nice to have? My thinking is that the current number of votes from the wider community seems low, so doesn't speak to a significant amount of buy in or appeal to a wide audience.

Regards,

Rob

Walter.Koller
Level 11

@robert.nicklin  

Hi,

No, we don't experience any drawbacks from not having the automatic log-out feature. 

Another consideration might be the probably upcoming web based client. I assume about no user will press a log-out button but simply close the browser. Or there might be a browser session based time-out that probably don't trigger the BP logout event.

A lot of logout events would be probably missing or there will be mapping to generate an event in case of technical time-out.

But no, except of completeness and consistency and the points I stated earlier, I cannot think of any reason that would make a time-out feature necessary.

Regards

Thanks for your feedback Walter.

I'm going to include the planning in of an "auto timeout" feature into the browser based Design Studio roadmap, but as this idea specifically states "Interactive Client" as the target for this idea I'm going to update the status to Not Planned, as I don't see us doing this in the next 12-24 months for the on-premise product.

If there isn't already a timeout idea for the browser based Design Studio raised I'll do so myself to make sure it doesn't get lost!

Regards,

Rob

Note: I've spotted this idea which is talking about a more general inactivity timeout feature - I'll probably use this as the vehicle to provide updates on this on an ongoing basis.

sastharpa
MVP

This is very much needed feature. We managed timeout for Hub & Interact via IIS, but BluePrism enterprise definitely needs this feature, its delaying the security assessment.