```mediawiki Navigation: Main_Page > Settings > Security > Enable session timeout

Enable session timeout in ActiveCampaign[edit | edit source]

Introduction[edit | edit source]

The session timeout feature in ActiveCampaign is an important security setting that enables account administrators to manage user sessions effectively. By configuring this feature, users who remain idle for a specified period will be automatically logged out of their accounts. This proactive measure helps protect your ActiveCampaign account from unauthorized access, ensuring that sensitive information remains secure, especially in cases where users may leave their sessions open on shared or public devices. Enabling session timeout is a recommended best practice for maintaining security integrity within your ActiveCampaign environment.

How to Access This Feature[edit | edit source]

To access the Enable session timeout feature, you need to navigate through the following steps: 1. Click on Settings (gear icon) in the main menu. 2. Select Security from the settings menu.

Once you are in the Security settings, you will find the option to enable the session timeout.

Step-by-Step Instructions[edit | edit source]

To enable session timeout, follow these detailed steps:

1. **Click** on the Settings icon (gear icon). 2. **Select** Security from the settings menu. 3. **Toggle** the Session Timeout setting to the On position. 4. **Adjust** the dropdown(s) under Session Timeout Length to set your desired timeout limit. The options range from 15 minutes to 24 hours, configurable in increments of 15 minutes or 1 hour.

  - If a user is active during the specified timeout length, they will remain logged in; however, if they do not interact with their account for the set period, they will automatically be logged out. 
  - **Take note**: If you do not set a session timeout length, it will default to 24 hours.

Your changes will automatically be saved, and the new settings will take effect immediately.

Configuration Options and Settings[edit | edit source]

When configuring session timeout, you have several important settings to consider:

• Session Timeout Length: You can select a timeout period that suits your security needs, ranging from 15 minutes to 24 hours.
• Timeout Warning: A notification will appear in a dialogue box 60 seconds before a user is automatically logged out.

Only users in the Admin group have the capability to enable session timeout and adjust the session timeout length. Remember, this is an account-level setting and cannot be adjusted on an individual user basis.

Best Practices and Tips[edit | edit source]

1. **Set a Reasonable Timeout Duration**: Consider your organization's security needs when selecting a timeout length. A shorter timeout may enhance security but could inconvenience users who may need frequent access without having to log in repeatedly. 2. **Monitor User Activity**: Regularly check user activity reports to understand usage patterns and adjust the timeout settings accordingly. 3. **Inform Users About Session Timeout**: Educate users about the session timeout feature and its importance for their account security, including the warning they'll receive before being logged out. 4. **Enable Multi-Factor Authentication (MFA)**: In conjunction with session timeout, implementing MFA can significantly improve account security. MFA requires users to provide additional verification, further protecting against unauthorized access.

Troubleshooting[edit | edit source]

If you encounter issues with the session timeout feature, consider the following troubleshooting steps: - Verify that you are logged in as an Admin user, as only Admins can change the session timeout settings. - Recheck the configurations to ensure that the session timeout has been toggled to the On position and that the timeout length is set. - If users are not receiving timeout warnings, confirm that they remain idle long enough to trigger the warning before being logged out.

Related Features[edit | edit source]

In addition to session timeout, consider leveraging other account security features such as:

• Multi-Factor Authentication (MFA): This setting enhances security by requiring two forms of identification for users logging into their accounts.

These features are accessible on the Settings > Security page of your ActiveCampaign account.

FAQ[edit | edit source]

What is considered an idle account user?[edit | edit source]

An idle account user is an individual who has logged into their ActiveCampaign account and has not clicked, typed, or refreshed a page within the set period of time.

What is a user session?[edit | edit source]

A user session refers to the time when an individual performs actions within their ActiveCampaign account, starting when they log in and ending at log out. This includes activities like creating campaigns, configuring automations, and managing contacts.

What is user session management?[edit | edit source]

User session management is a critical aspect of account security that allows administrators to enforce security policies related to user sessions. ActiveCampaign provides account admins with the ability to set session timeout at an account level.

How does the timeout warning appear to users?[edit | edit source]

Users will receive a visual notification in the form of a dialogue box that appears 60 seconds before their session ends due to inactivity.

What are other account security settings available?[edit | edit source]

Besides session timeout, enabling multi-factor authentication (MFA) is highly recommended for enhancing security. MFA requires two forms of identification, adding an additional layer of protection against unauthorized access.

Can I configure session timeout settings at an individual user level?[edit | edit source]

No, session timeout is set at an account level and cannot be configured for individual users.

What happens if I don't set a session timeout length?[edit | edit source]

If no session timeout length is specified, the default duration will be set to 24 hours.

By effectively using the Enable session timeout feature, you can significantly enhance the security of your ActiveCampaign account, protecting it against unauthorized access and ensuring a secure user experience. ```