Expand my Community achievements bar.

Disable "Automatically log users out after" setting for SSO enabled instances

Avatar

Level 2

6/22/17

When a user currently gets logged out, it redirects to a login screen which is bad user experience. My instance is SSO enabled, so login is not required to access WF and the only current workaround is for users to remove the /login URL extension.

4 Comments

Avatar

Level 6

7/10/17

We have a similar issue in our configuration.

When a Workfront user is inactive for certain period of time, Workfront automatically logs users out. When they are logged out, they are redirected to Workfront log-in screen. With our SSO implementation, our users are not allowed to use the Workfront log-in page. They have to close the browser and re-open Workfront (or click a browser bookmark), which kicks off the SSO process again.

QUESTION: Is there something that can be done instead? When they see the timeout due to inactivity pop-up, can they get re-logged into Workfront?

--

Our Workfront consultant Tyler Oglivie said, "Unfortunately, it doesn't look like we can force a redirect back to SSO login when users are timed out due to inactivity. It will continue to log them out to the Workfront log-in page, even though they cannot log in through that method."

Avatar

Level 2

2/12/20

I added my vote to this as it's now an issue since we are implementing Workfront in our company and required to follow IT Security Policy of 15 minute idle time equals auto log out. We are using SSO so this is causing a lot of frustration for our users, ending up back at the logon page that they can't use is not a good experience at all. At bare minimum a "Log In Using Single Sign-On" URL on the logon page would help. That way the end user can click the link on the page and be SSO'd back into WF. We use this with our current SSO/Cloud based PM app. WF needs this to be done. Would like to see something done so I'm going to post back in the main forum to see if we can get more attention to this.


Thanks,

Todd

Avatar

Level 3

2/13/20

Just a quick question here, you can specify the Sign-Out URL (i'm not totally sure if this happens on automatic logout), but this will only take effect if you have the "Only Allow SAML 2.0 Authentication option checked on your user profile". We had a similar issue but it seemed to be resolved when specifying a specific page as the Sign-Out URL (obviously for those who weren't admins/didn't have this option enabled).


Information: https://experience.workfront.com/s/article/Configuring-Workfront-with-SAML-2-0-725720343


Thanks

Avatar

Level 2

8/13/20

I agree. We have SSO and auto provisioning. When a user is auto logged out and then tries to use the logon screen they either try and use a different account which creates a new useless account, or they open a trouble ticket. At a minimum the logon screen needs to have a URL "Single Sign-On Click Here" on the page so SSO users know to not try and log in manually. This simple URL is available on one of WorkFront's competitors screens to prevent this very issue. Yes we can go to the setup and redirect there to a corporate other web page, but this just PO's our users. The only workaround I've been able to give our users is to create a bookmark with the SSO link and display it on the favorites bar. "WF Prod SSO" so the users click on that when they are at the Workfront Logon screen. New ueres have to learn this, and even some old users forget. I suppose we could create our own web page, re-direct to it, and it would have the SSO link and manual logon link. That might work if/when we have time to do that.