This topic describes the validity periods of logon sessions in which you log on to the CloudSSO user portal and access an account in your resource directory.
Validity period of a logon session in which you log on to the CloudSSO user portal
The validity period of a logon session in which you log on to the CloudSSO user portal is 8 hours. If a logon session expires, you must log on to the CloudSSO user portal again. The validity period of this logon session cannot be modified.
Validity period of a logon session in which you access an account in your resource directory
After you log on to the CloudSSO user portal, you can access an account in your resource directory as a Resource Access Management (RAM) role or a RAM user.
Log on as a RAM role
The session duration is determined by two settings: the Session Duration in the CloudSSO access configuration and the Logon Session Validity Period in the security settings of RAM users. The effective duration is the minimum of these two values.
The Session Duration in an access configuration is shown in the following figure. A CloudSSO administrator can click Edit to change this setting. The value can range from 900 to 43,200 seconds, with a default of 3,600 seconds.
For more information, see Modify the basic information about an access configuration.
The Logon Session Validity Period in the security settings of RAM users is shown in the following figure. A RAM administrator can click Modify RAM User Security Settings to change this setting. The value can range from 1 to 24 hours, with a default of 6 hours.
For more information, see Manage security settings of RAM users.
Log on as a RAM user
The session duration is determined by two settings: the Session Time in the RAM user synchronization configuration in CloudSSO and the Logon Session Validity Period in the security settings of RAM users. The effective duration is the minimum of these two values.
The Session Time in the RAM user synchronization configuration in CloudSSO is shown in the following figure. A CloudSSO administrator can click Edit to change this setting. The value can range from 1 to 24 hours, with a default of 6 hours.
The Logon Session Validity Period in the security settings of RAM users is shown in the following figure. A RAM administrator can click Modify RAM User Security Settings to change this setting. The value can range from 1 to 24 hours, with a default of 6 hours.
For more information, see Manage security settings of RAM users.
Usage notes
A new session is generated each time you access an account in your resource directory from the CloudSSO user portal. If the logon session in which you log on to the CloudSSO user portal expires, the validity period of the logon session in which you access an account in your resource directory is not affected.
If the logon session in which you access an account in your resource directory expires within the validity period of the logon session in which you log on to the CloudSSO user portal, you can access the account in your resource directory again from the CloudSSO user portal.
The validity period of a logon session is not affected regardless of whether you perform operations in the console. You must log on again after a logon session expires.
References
Log on to the CloudSSO user portal and access Alibaba Cloud resources