Posted On: Oct 20, 2022
Using AWS IAM Identity Center (successor to AWS Single Sign-On), you now have more control over user session management. You can use the console to set customized session lengths (up to 7 days), based on your organization’s security requirements and desired end-user experience. With this feature, you can also terminate sessions, enabling you to manage sessions that are no longer needed or potentially suspicious.
Now, you can set the session duration between 15 minutes and 7 days (default 8 hours), enabling you to tune the duration in which signed-in users can access the AWS user portal and AWS accounts before authenticating again. In addition to supporting custom session durations up to 7 days, the new feature also enables you to look up active user portal sessions by user and terminate sessions as needed to remain secure against unwanted access. For example, you can shut down sessions for recently terminated workforce members, sessions a user failed to sign out of on a second device, or sessions that you have determined have suspicious activity.
IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type. The service is built on and included as part of AWS IAM at no additional cost in the AWS Regions listed here. To learn more about IAM Identity Center, see the feature page.
For information about session management features, see Configure User Portal Session Duration in the IAM Identity Center User Guide.