User Interface (UI) Sessions
The following timeout values are in effect for the NetSuite UI:
- By default, the idle session timeout value is 180 minutes (3 hours). An administrator can configure the value of the Idle Session Timeout in Minutes field on the General Preferences page. Go to Setup > Company > Preferences > General Preferences. Valid values range from 15 minutes to 720 minutes (12 hours).
- For users logged in with a role that has permission to view unencrypted credit card data, the idle session timeout value is 15 minutes. This restriction is in compliance with section 8.1.8 of the Payment Card Industry Data Security Standard (PCI DSS) Requirements and Security Assessment Procedures, version 3.2. Click here to view a PDF of this document from the PCI library.
- The default value of 12 hours for absolute session timeout is aligned with the National Institute of Standards and Technology (NIST) Digital Identity Guidelines for Authentication and Lifecycle Management. Click here to view Section 4.2.3, Reauthentication, in the NIST guidelines.
UI session management information for users:
- The system displays a warning with a 60-second countdown before an idle session timeout. The user can click a Keep Session Active button to resume the session.
- Session management across multiple tabs is synchronized. When a user logs in to an account, all open tabs associated with that account are simultaneously unlocked. When a user logs out of an account, all open tabs associated with that account are locked.
- For users who often switch between roles or various companies and leave multiple browser tabs open from previous sessions, the tabs of stale sessions are shown as inactive. When a user changes roles, sessions from previous roles are invalidated, and those browser tabs are locked.
- Occasionally, users might notice an Offline sign near the bottom right of the UI. For more information, see The Offline Notification in the UI.
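
The timeout values above can be modelled as a small state check, which is useful when auditing a configured value or explaining why a session ended. The following JavaScript is an added example, not NetSuite code: the function and field names are hypothetical, and it assumes the absolute timeout is counted from login and is not reset by activity.

```javascript
// Added illustration: a model of the timeout rules on this page, not NetSuite code.
const MIN = 60 * 1000;
const IDLE_DEFAULT_MIN = 180;      // default idle timeout
const IDLE_RANGE_MIN = [15, 720];  // valid range for the configurable value
const PCI_IDLE_MIN = 15;           // roles that can view unencrypted card data
const ABSOLUTE_MIN = 720;          // 12-hour absolute session timeout
const WARNING_MS = 60 * 1000;      // 60-second countdown before idle timeout

// Resolve the idle timeout (in minutes) that applies to a session.
function effectiveIdleMinutes(configured, canViewCardData) {
  if (canViewCardData) return PCI_IDLE_MIN; // overrides the account setting
  if (configured === undefined) return IDLE_DEFAULT_MIN;
  const [lo, hi] = IDLE_RANGE_MIN;
  if (!Number.isInteger(configured) || configured < lo || configured > hi) {
    throw new RangeError(`idle timeout must be ${lo}-${hi} minutes`);
  }
  return configured;
}

// Classify a session at time `now` (all times in epoch milliseconds).
// Assumption: the absolute limit runs from login and activity does not reset it.
function sessionState(s, now) {
  const idleMs = effectiveIdleMinutes(s.configuredIdleMinutes, s.canViewCardData) * MIN;
  if (now - s.loginAt >= ABSOLUTE_MIN * MIN) return "expired-absolute";
  const idleFor = now - s.lastActivityAt;
  if (idleFor >= idleMs) return "expired-idle";
  if (idleFor >= idleMs - WARNING_MS) return "warning";
  return "active";
}

// Model of the Keep Session Active button: resets the idle clock only.
function keepSessionActive(s, now) {
  return { ...s, lastActivityAt: now };
}
```

In this model, keeping a session active postpones only the idle timeout; a session that reaches the 12-hour absolute limit ends regardless of recent activity.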