Learn all about sessions and session lifetimes, and how they work for your platform.
Session management is the process of managing secure user interactions with a web application. Staffbase further uses session management to ensure data integrity and avoid security breaches to your platform.
A user session refers to the time period during which a user is actively using the platform. A user session starts when a user signs into the platform and ends when the session expires. You can define the user session lifetime, which is the maximum time a user can stay signed in to their Staffbase platform without any interaction, and limit the number of parallel sessions for users of your platform.
Single sign-on (SSO) authenticates and authorizes users to access multiple platforms without having to log in separately to each platform. You can configure the SSO session lifetime in your identity provider (IdP).
If you use SSO to authenticate users to your Staffbase platform, the Staffbase platform session lifetime is not affected by the SSO session lifetime.
If your Staffbase platform session lifetime is shorter than the SSO session lifetime, users are prompted to reauthenticate to their Staffbase account. This happens once the period of inactivity defined by the Staffbase platform session lifetime lapses. For example, if your Staffbase platform session lifetime is 7 days and your SSO session lifetime is 14 days, users are prompted to reauthenticate to their Staffbase account after 7 days.
However, if your Staffbase platform session lifetime is longer than your SSO session lifetime, the user session remains active until the Staffbase session lifetime expires. For example, if your Staffbase platform session lifetime is 14 days and your SSO session lifetime is 7 days, users remain active in the Staffbase platform and do not need to reauthenticate to their Staffbase account when the SSO session lifetime expires.
When Staffbase redirects a user to the IdP login page, the IdP verifies the request token and, if the user has an active IdP session, provides a response token with that IdP session. If the user does not have an active IdP session, the IdP initiates a login process. The authentication flow is different if your organization uses SAML SSO with Microsoft Entra ID (formerly Azure Active Directory). In that case, Microsoft Entra ID returns an IdP session and a response token for subsequent login attempts to the Staffbase platform. Staffbase checks how old the Microsoft Entra ID session is and, if it is older than the session lifetime configured in the Staffbase backend, forces a new login to Microsoft Entra ID. The session lifetime on the Staffbase servers was configured when you set up SSO with the help of the Staffbase support or onboarding teams. This session lifetime is different from the one you configure yourself in Staffbase Studio. If you need more information, reach out to support@staffbase.com.
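The following is an added illustration of the session-age check described above; it is not Staffbase's code. It assumes the age of the IdP session is read from the `AuthnInstant` attribute of the SAML assertion's `AuthnStatement` (the page does not say how Staffbase measures it), that the backend lifetime is a plain number of seconds, and it uses a constructed, unsigned sample response; a real response must have its signature verified before any attribute is trusted.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response for illustration only (no signature, no Conditions).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AuthnStatement AuthnInstant="2024-03-01T08:00:00.000Z"
                         SessionIndex="_constructed-session-index">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_utc(ts: str) -> datetime:
    """Parse an xs:dateTime such as 2024-03-01T08:00:00.000Z into an aware UTC datetime."""
    parsed = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def authn_instant(response_xml: str) -> datetime:
    """Return the time at which the IdP actually authenticated the user."""
    root = ET.fromstring(response_xml)  # use defusedxml for untrusted input in production
    stmt = root.find(".//saml:AuthnStatement", SAML_NS)
    if stmt is None or "AuthnInstant" not in stmt.attrib:
        raise ValueError("assertion carries no AuthnStatement/AuthnInstant")
    return parse_utc(stmt.attrib["AuthnInstant"])


def needs_fresh_login(response_xml: str, max_age_seconds: int, now_iso: str) -> bool:
    """True when the IdP session behind this assertion is older than the configured
    backend lifetime, i.e. the service provider should send a new AuthnRequest with
    ForceAuthn="true" instead of accepting the existing IdP session."""
    age = parse_utc(now_iso) - authn_instant(response_xml)
    if age.total_seconds() < 0:
        return True  # AuthnInstant in the future: clock skew or tampering, do not trust it
    return age.total_seconds() > max_age_seconds


if __name__ == "__main__":
    LIFETIME = 7 * 86400  # constructed value standing in for the backend setting
    print(needs_fresh_login(SAMPLE_RESPONSE, LIFETIME, "2024-03-04T08:00:00Z"))  # False
    print(needs_fresh_login(SAMPLE_RESPONSE, LIFETIME, "2024-03-08T08:00:01Z"))  # True
```

The inactivity-based Staffbase Studio lifetime is a separate timer and is not modelled here.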