The session duration in SMARTFENSE defines the length of time during which a user — whether an administrator or an end user — remains authenticated within the platform without needing to log in again. This mechanism is key to balancing security, ease of use, and reduction of operational risk, adapting to industry best practices.
Why is session control important?
Proper session management allows:
Preventing unauthorized access on shared or unattended devices.
Compliance with security standards and corporate policies.
Minimizing risks of session hijacking or social engineering attacks.
Ensuring each user operates under their legitimate identity.
Maintaining a balance between security and usability.
Sessions are designed to expire automatically when certain security criteria are met, preventing the system from remaining open indefinitely.
Session duration for end users
The end users (employees assigned to courses, simulations, or content) usually require a simple and smooth experience, so the platform applies values that maximize ease of use without compromising security.
Typical session duration for end users
The session remains active for a standard, not extended period of time while the user remains browsing.
If there is no activity for a certain period, the session expires automatically.
Upon expiration, the user must log in again to continue with their assigned activities.
Benefits for the end user
Prevents frequent interruptions during courses or assessments.
Ensures the platform remains protected if a user leaves their device unattended.
Maintains a simple experience without technical complexities.
Session duration for administrators
The administrators handle sensitive information: risk metrics, phishing reports, campaigns, personal data, and system configurations. For this reason, their session control has stricter security requirements.
Typical session duration for administrators
The session remains active while the user is active on the platform.
If the administrator remains inactive for a certain period, the session closes automatically.
The allowed inactivity time is usually stricter than for end users, since exposure of an administrative panel can pose a greater risk.
To continue, the administrator must authenticate again.
Benefits for security
Reduces the risk of unauthorized access if the console is left open.
Protects critical sections such as:
Phishing campaign reports
User management
Configurations and assets
Integrations with identity providers
Strengthens compliance with organizational security policies.
Additional considerations
SMARTFENSE can operate in different corporate environments with access policies that modify the standard behavior:
Integrations with SSO / IdPs
When the platform integrates with:
EntraID
Google Workspace
Active Directory / LDAP
Other compatible Identity Providers
Session control can be adjusted to:
Durations established by the identity provider
Internal MFA policies
Conditional access restrictions
Enforcement of periodic revalidation
Shared or public devices
It is recommended that users manually log out when using devices they do not control, even if automatic expiration is active.
Simultaneous sessions
Internal policies may limit or allow multiple open sessions for the same user, depending on the required level of security.
Conclusion
Session management in SMARTFENSE is part of its comprehensive security approach. Both end users and administrators have session durations designed to:
Keep the platform secure.
Protect organizational data.
Prevent unauthorized access due to inactivity.
Preserve a smooth user experience.
Whether for training, phishing simulations, or campaign management, the system ensures that each session remains active only as long as necessary and under secure conditions.