Security tab

The Security tab provides a way to specify a maximum idle timeout. This is the time period (in minutes) when the user does not interact with z/OSMF before the session is closed, and the user is logged out.

Maximum idle timeout

The Maximum idle timeout setting allows admins to limit the idle time in minutes, so that if the user is idle for a certain amount of time, they are logged out.

Admins must first enable the setting by switching the toggle Enable session timeout to on, and then input a value in minutes in the Maximum idle timeout box using the + and - buttons. The minimum value is 2 minutes, and the maximum value cannot exceed the value of the LTPA expiration value.

If the Maximum idle timeout is set to x minutes, and there is no response from the user for x minutes, the user is logged out.

How z/OSMF checks to see whether the user is idle

z/OSMF checks user movements on the graphic user interface. This includes moving the mouse, key down button, mouse wheel, touch start, touch move, scroll, and so on.
  1. If a user makes any movements such as moving the cursor, pressing a key, or scrolling, they are considered active.
  2. If a user has no such movement for the time set in the Maximum idle timeout, they are considered idle.
  3. When the user is considered idle, a popup warning message will appear a minute before the total time set in the Maximum idle timeout is reached.
  4. In the warning message dialog, a user can click Stay Connected to tell z/OSMF that the session is still active.
  5. If Stay Connected is not clicked and the time has exceeded the time set in Maximum idle timeout, the user is logged out.
  6. For a user who uses the client certificate for authentication, the process is the same. z/OSMF will redirect the user to the logon page if the idle time is reached, but the user can return to the z/OSMF main page manually by accessing the z/OSMF URL https://<host>:<port>/zosmf since the certificate is still valid.