How can we better manage our desktop user sessions?
Oracle B2C Service, Desktop Usage Administration
Organizations can better manage their desktop user sessions, which can help lower seat usage for licensing compliance and reduce costs. This new functionality is enabled by default and provides two ways for you to manage desktop user sessions and maintain site security:
Force logout of active sessions - Manually log out staff members who are currently logged in. This terminates the staff member's session and closes the application. Any unsaved work will be lost. For more information, refer to "Force Logout of active sessions" within the documentation.
Using the "Logged in Staff Accounts" standard report (Common > Site Administration > Staff Management), you can see which staff members are currently logged in, the date and time they logged in, and how long they have been logged in. You will also see a Force Logout button on the Record group of the ribbon that you can click to manually log out a selected staff account. You can also right-click a staff account in the list and select Force Logout.
See Force logout of staff account for more information on this topic.
Automatic logout of inactive sessions - Set up your application for automatic logout of inactive sessions after a specific period of time. For more information, refer to "Automatic logout of inactive sessions" within the documentation.
CLIENT_SESSION_EXP - Use this configuration setting to specify the time in one-minute intervals that a session can be inactive before a staff account is automatically logged out. The default value of CLIENT_SESSION_EXP, located at Site Configuration > Configuration Settings > RightNow Users Interface > General > Security, is 15 minutes and the maximum value is 1440 (24 hours). When session management functionality is disabled, this setting remains an effective way to maintain site security.
NOTE: For August 2012 and previous versions the CLIENT_SESSION_EXP configuration setting exists, but functions differently. For instance, the setting specifies the number of minutes the client can remain idle until the user is forced to reenter credentials to continue.
Session Timeout field - Use this field on the Profiles editor to specify a time (in minutes) other than the time defined in CLIENT_SESSION_EXP that a session can be inactive before a staff account is automatically logged out, or set this field so that staff members with a particular profile are exempt from being automatically logged out.
For more information, see Console Locked Message.
For additional information, refer to the 'Session Management and Login Controls' section in online documentation for the version your site is currently running. To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.