🌐 Web📱 Mobile | 👤 Yokoy organization admin
Higher security standards and industry best practices require users to regularly re-authenticate in applications to prevent idle sessions and hence, unauthorized access. By default, Yokoy logs users out after three hours of inactivity.
However, you can determine the session timeout for your organization, automatically logging users out of the application if they are inactive after a specific time. Inactive users either need to into Yokoy again either using their user and password or via SSO (depending on your organization‘s setup) or re-activate their session in Yokoy. Otherwise, they are automatically logged out of Yokoy.
For example, you can determine a session timeout that allows users to remain inactive for up to 1 day (24 hours). A user logs in, submits an expense, and then leaves the session open in a tab and doesn’t use the app for a few days. The next time they open the app again, they will be required to log into Yokoy with their credentials again, as the total time that the session is considered to be inactive was more than a day.
If the session timeout set is greater than an hour, inactive users see a notification five minutes before their session is about to expire due to inactivity. They can click Refresh session to activate the session and continue using the app. This action resets the inactivity counter in the session token. Should the user‘s session become inactive again, the user must either activate their session again or log in with their credentials depending on the time that has elapsed since their last activity.
If the session timeout is less than an hour, the notification is displayed at 10% of the timeout value. For example, if you request a timeout value of 10 minutes, at minute 7 (i.e. 0.7*10), inactive users are warned that they will be logged out as their session is about to expire.
The session timeout is set at the organization level and applies to inactive users across all companies (legal entities) within the organization. The minimum session timeout value is 120 seconds, while the default is 604,800 seconds. The maximum session timeout is 15,778,800 seconds, which is equivalent to six months. Contact Yokoy's technical support to adjust this setting for your organization. You can select both developer users and organization admin users for session timeout settings. However, if needed, you can request a setting of up to six months.