Box has added new degrees of precision to how our admins can define their organization’s session inactivity policy, providing admins with more complete, granular control over how their organization is secured.
Session inactivity duration is a rule within the Security tab of the Admin Console, where admins set the amount of time a user can be inactive before their session is terminated. This automated process is important to ensuring that lingering open sessions don’t become a vulnerability, but if implemented without consideration for business needs can also introduce friction by requiring frequent logins that disrupt employees’ work.
This new update changes how Box admins set the period of inactivity that triggers session termination. Previously, admins would choose between 12 pre-defined time frames for session termination, but we have expanded that many times over. With this update, admins will:
-
Select the unit of time (minutes, hours, days)
-
Then select from a larger range of values
Existing policies will not be impacted or changed, this will only alter how admins change their session inactivity policies going forward. If you would like to learn more about Box Security setting such as this one, please visit our Support page.