Body
Environment
D2L Brightspace
Issue
New session timeout of 30 minutes
Resolution
A 30 minute session timeout value has been implemented on D2L Brightspace to comply with an upcoming Minnstate Operating Instruction and security best practices (NIST, OWASP).
What this means for users -- After 30 minutes of inactivity/idle time within D2L Brightspace you will be prompted to re-authenticate.
What constitutes 'activity': Navigating to different pages, clicking something that auto-saves, and typing in a Written Response text box are a few examples of actions you can take to keep your system access active. Even if you sit and do nothing for 30 minutes, a popup that reads “ARE YOU STILL THERE?” appears, and you can click anywhere or press any key to renew your session. Moving the cursor or clicking randomly isn’t enough to keep your system access from timing out.
Example of the new operating instruction language ( not final until released ): Idle Time Lockout. For any user capable of accessing Not Public data, devices or systems must be set to automatically lock a user session after no more than thirty (30) minutes of idle time and the user must re-authenticate to re-establish access. Presentation systems that are attended by the account owner may have a different time out as approved by institution IT.