As a Workspace ONE UEM admin, you can configure the settings related to administrator sessions (through different computers or browsers) within the Workspace ONE UEM console using the Session Management settings page.

Note:  The settings on this page can only be configured at the Global level.

What can you do with the Session Management settings page?

The path to the settings page on the UEM console is Groups & Settings > All Settings > Admin > Console Security > Session Management.

With the Session Management settings page, you can:
  • Set the time duration for a session to be active and for an active session to remain idle before the admin automatically logs out.
  • Permit multiple sessions in other browsers or on other computers.
  • Permit the IP address change for a logged-in admin during a session.

Determine your Organization group hierarchy

Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.

  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.
Setting Description
Forced Session Timeout

Enter the number of minutes an active session lasts before an admin is automatically logged out. A zero entry means forced session timeout is restricted. The default value is 1440 minutes (24 hours).

Idle Session Timeout

Enter the number of minutes an active session can be idle (not interacting with the console) before an admin is automatically logged out. A zero entry means the idle session timeout is restricted. The default value is 240 minutes.

SaaS customers are limited to a 60 minute Idle Session Timeout setting due to the load balancer persistence setting.

Allow Multiple Sessions

Enable to allow multiple open sessions, such as in other browsers or on other computers.

Allow IP Address Change Enable to allow a logged-in admin's IP address to change during a session and remain logged in.
OAuth Token Validity

Enter the number of seconds that an OAuth access token remains valid. A zero entry means the OAuth Token always remains valid. The default value is 3600 seconds (1 hour).