Session Time Management and NIVOMAX

Disclaimer

SYNAXIOM does not distribute NIVOMAX Viewer setup files directly to end users. To obtain the necessary setup files, users must download a copy directly from the Technical Publications Supplier's NIVOMAX Self Serve portal, subsequent to agreeing to the terms and conditions stipulated therein. The Technical Publication Supplier, possessing a valid Distribution ID for their copy of the NIVOMAX Applications, is the sole distributor. Access to and use of the NIVOMAX Viewer is contingent upon the purchase of a Data License for a digital product from the Technical Publications Supplier. The digital product downloaded will function exclusively with the viewer provided by the respective Supplier. Users are advised that the distribution of NIVOMAX Viewer setup files may be governed by applicable export control regulations depending on their region.

Licensing

It is not necessary for end-users to purchase a separate NIVOMAX license. The Technical Publications Supplier from whom you have acquired your Data License has already procured the requisite licenses from SYNAXIOM. By extending an invitation, they include you within their authorized user pool, as permitted under their NIVOMAX license agreement. You are authorized to use the NIVOMAX software provided the Technical Publications Supplier maintains a valid NIVOMAX software license.

Confidentiality

This document (“Document”) contains confidential and proprietary information owned by SYNAXIOM Inc. (“SYNAXIOM”). No part of this Document may be reproduced, copied, or distributed in any form or by any means without the prior written permission of SYNAXIOM Inc. Unauthorized use, disclosure, or reproduction of this Document is strictly prohibited. Any third-party intellectual property mentioned herein is the property of their respective owners, and such mention is for informational purposes only and does not imply any association with or endorsement by the owners.

This page must not be removed before distributing the document. It must remain present in all shared copies to ensure proper communication and compliance.

Session Time Management and NIVOMAX

Last Updated on September 12, 2024 | 5 min read


In environments that handle sensitive and proprietary information, the management of session time and user authentication is crucial. This holds particularly true for specialized software like NIVOMAX, which is designed to manage Technical Publications and deliver IETP (Interactive Electronic Technical Publications) and IETM (Interactive Electronic Technical Manuals) Libraries. Effective session management enhances security while ensuring that the system remains accessible and performs optimally under various user activities.

This article explores the default session management setup of NIVOMAX and assesses its adherence to industry best practices.

Default Configuration of NIVOMAX

NIVOMAX employs a well-structured approach to session time management, incorporating several timers to regulate session activities and user logins:

  1. Idle Timeout: Set to 1 hour, this timer logs users out of a NIVOMAX endpoint if they remain inactive for the specified duration. This idle timeout is crucial for minimizing the risk of unauthorized access to an unattended user session.
    • This setting aligns with many security policies aimed at reducing the risk of unauthorized access due to user inactivity. An hour strikes a reasonable balance between security and convenience in many operational environments.
  2. Active Session Expiration: Configured for 8 hours, this setting ensures that a user’s session expires after a continuous period of activity, necessitating a new login. This feature is vital for maintaining the integrity of the session and reducing the exposure window in case of session hijacking.
    • This aligns with a standard workday, reducing the need for users to frequently re-authenticate, which can enhance user experience without significantly compromising security.
  3. Concurrent Login Expiration: This setting permits a userID to maintain concurrent logins to the same endpoint for up to 24 hours. This feature is beneficial for users who access the platform from multiple devices but also necessitates robust monitoring to prevent abuse.
    • It provides flexibility for users needing to access the system from multiple devices, possibly from different locations, thus enhancing user convenience and productivity.

Working Scenario

| Time | 0 mins | 1 hr (60 mins) | 8 hrs (480 mins) | 24 hrs (1440 mins) |
| --- | --- | --- | --- | --- |
| User Activity | User Logs in | User Idle (Idle Timeout) | Active Session Expires (Active Timeout) | Global Session Expires (Concurrent Login Timeout) |
| Event | User Authenticated | User is logged out due to inactivity | User must log in again after continuous activity | User must log in and all sessions are invalidated. |

  1. User Logs In (0 mins):
    • User authenticates and starts a session.
  2. Idle Timeout (60 mins):
    • If the user is inactive for 60 minutes, they are logged out due to idle timeout.
    • The session ends, requiring re-authentication upon activity.
  3. Active Session Expiration (480 mins / 8 hrs):
    • The user’s session expires after 8 hours of continuous activity.
    • The user must log in again, ensuring session integrity and reducing risk of session hijacking.
  4. Global Session Expiration (1440 mins / 24 hrs):
    • The global session applies to all sessions created by the user within a 24-hour period.
    • After 24 hours, the user must log in again, and all concurrent sessions are invalidated.
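
The scenario above can be expressed as a single server-side check. The sketch below is an added example, not NIVOMAX code: the SessionStore class, its method names and the user "alice" are hypothetical, and only the three timer values come from this article. It shows that activity resets only the idle timer, and that the 24-hour window ends every concurrent session of the user at once.

```python
# Added example: the three default timers as one server-side check.
H = 3600  # seconds per hour
IDLE_TIMEOUT, ACTIVE_EXPIRY, GLOBAL_EXPIRY = 1 * H, 8 * H, 24 * H  # article defaults

class SessionStore:
    """Hypothetical in-memory store; not NIVOMAX's data model."""

    def __init__(self):
        self.window_start = {}  # user -> first login of the current 24-hour window
        self.sessions = {}      # session id -> [user, created, last_activity]

    def _end_global(self, user):
        # Global expiry invalidates every concurrent session of the user.
        self.sessions = {k: v for k, v in self.sessions.items() if v[0] != user}
        self.window_start.pop(user, None)

    def login(self, sid, user, now):
        start = self.window_start.get(user)
        if start is not None and now - start >= GLOBAL_EXPIRY:
            self._end_global(user)
        self.window_start.setdefault(user, now)
        self.sessions[sid] = [user, now, now]

    def request(self, sid, now):
        """Return 'ok' or the reason the session ended."""
        if sid not in self.sessions:
            return "no_session"
        user, created, last = self.sessions[sid]
        if now - self.window_start[user] >= GLOBAL_EXPIRY:
            self._end_global(user)
            return "global_expired"
        if now - created >= ACTIVE_EXPIRY:
            del self.sessions[sid]
            return "active_expired"
        if now - last >= IDLE_TIMEOUT:
            del self.sessions[sid]
            return "idle_timeout"
        self.sessions[sid][2] = now  # activity resets only the idle timer
        return "ok"

def replay(events):
    """Run constructed (action, sid, hour) events for one user; return verdicts."""
    store, out = SessionStore(), []
    for action, sid, hour in events:
        now = int(hour * H)
        if action == "login":
            store.login(sid, "alice", now)
        else:
            out.append(store.request(sid, now))
    return out
```

The timers are tested from widest to narrowest scope so that a request arriving after the 24-hour mark reports the global expiry rather than a narrower one, and the check runs before last_activity is updated so that a late request cannot revive an expired session.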

An SSO session is only required when the Data Server Administrator is actively using the NIVOMAX Data Server to perform tasks such as disconnecting Network Client Users, updating data libraries, or installing licenses. The NIVOMAX Data Server does not require an active authenticated session to serve Network Client Users accessing data libraries.

Best Practices in Session Management

When setting session management policies, it is essential to balance security with usability. Each unique distribution of NIVOMAX may be configured differently based on the requirements of the ePubs supplier. If the configuration used by your ePubs supplier differs from the default settings mentioned here, it will be noted on your ePubs Supplier Information Sheet.

The current session time expiry and management settings of NIVOMAX reflect our understanding of the need for robust security practices while maintaining user convenience. As NIVOMAX evolves, our approach to managing user sessions will adapt, always with an eye towards balancing stringent security measures with optimal user experience.

Understanding SSO Sessions and the IdP

Single Sign-On (SSO) sessions, managed by an Identity Provider (IdP), allow users to authenticate once and gain access to multiple applications without needing to log in separately to each one. The IdP handles the user’s credentials and issues authentication tokens to the requesting application, streamlining the login process and enhancing security by centralizing authentication.

NIVOMAX Authentication Broker and IdP Interaction

The NIVOMAX platform has its own session management capabilities. Once a user is authenticated using the Identity Provider (IdP) through the NIVOMAX Authentication Broker, the platform uses tokens to manage additional access requests to endpoints within the platform.

  • NIVOMAX Authentication Broker as the Gatekeeper: The NIVOMAX Authentication Broker acts as the gatekeeper, ensuring that only authenticated users can access the platform. Once the IdP authenticates a user, the broker issues its own tokens for session management within NIVOMAX.
  • Token-Based Access: After initial authentication, tokens issued by the NIVOMAX Authentication Broker are used to maintain session continuity for additional access requests, ensuring secure and seamless interactions within the platform.
  • Logout Process: When a user explicitly logs out, the NIVOMAX platform also logs the user out of the IdP. The IdP maintains its session parameters, requiring the user to re-authenticate as necessary.
  • Session Timeout Synchronization: The NIVOMAX system can be configured to maintain internal session timeouts. If these internal timeouts are shorter than the IdP session, the user will be logged out of the NIVOMAX platform and redirected to the IdP login. The active IdP session will respond, and a new NIVOMAX session will be created without the user needing to re-enter credentials.

This approach ensures a secure, efficient, and user-friendly experience, aligning with industry best practices while addressing the specific needs of our users.


For the latest documentation on this and other important topics, please refer to the NIVOMAX Help Center. The NIVOMAX Help Center is your primary resource for up-to-date information, guidelines, and self-serve support for NIVOMAX.

This document also has an online version which may be more up-to-date.


CONFIDENTIAL

This document is the property of SYNAXIOM Inc.