would be nice if this feature will be also applied by exceptionally closed BP clients. If the client is not closed in a regular way there is only an log-on event but without log-out event. This log-out event should be created after idle time period
Before we can properly assess the impact of the idea, we need more information. Please can you share the exact use cases and benefits behind why you're suggesting this feature?
I am not the creator of this idea but I thought I will add my thoughts on this, maybe it helps.
Having a time-out that adds an end-date/time to the login/logout audit events would create a complete and consistent view on user behavior. This can be used for
reports on user based utilization (eg how often do people use BP, do they still need access)
answering audit questions
get an accurate list of currently active users to be contacted (eg in case of unplanned downtime notifications)
Client side time-out:
adds another level of security (eg Blue Prism portal also has time-out)
reduces overall system utilization and network traffic (especially when ASCR is not used)
The time-out limit has to be configurable. The best would be the configuration is at user role level, eg Admin and RR users won't be logged off
Can I ask how this functionality not being present impacts you today? Appreciate having an auto-log off function would improve security generally, but I'm wondering whether this actually presents an ongoing issue for users today or is more of a nice to have? My thinking is that the current number of votes from the wider community seems low, so doesn't speak to a significant amount of buy in or appeal to a wide audience.
No, we don't experience any drawbacks from not having the automatic log-out feature.
Another consideration might be the probably upcoming web based client. I assume about no user will press a log-out button but simply close the browser. Or there might be a browser session based time-out that probably don't trigger the BP logout event.
A lot of logout events would be probably missing or there will be mapping to generate an event in case of technical time-out.
But no, except of completeness and consistency and the points I stated earlier, I cannot think of any reason that would make a time-out feature necessary.
I'm going to include the planning in of an "auto timeout" feature into the browser based Design Studio roadmap, but as this idea specifically states "Interactive Client" as the target for this idea I'm going to update the status to Not Planned, as I don't see us doing this in the next 12-24 months for the on-premise product.
If there isn't already a timeout idea for the browser based Design Studio raised I'll do so myself to make sure it doesn't get lost!
Note: I've spotted this idea which is talking about a more general inactivity timeout feature - I'll probably use this as the vehicle to provide updates on this on an ongoing basis.
This is very much needed feature. We managed timeout for Hub & Interact via IIS, but BluePrism enterprise definitely needs this feature, its delaying the security assessment.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
