Ir al contenido
Se marcó esta pregunta
2FAOnline
3 Respuestas
5627 Vistas
Avatar
V

Hello everyone.

I want to enforce multi-factor authentication for all users in my database. 

Users are configuring the 2FA but then saving the login on their browsers. This defeats the purpose of multi-factor authentication and is raising concerns with IT auditors.

Is there a way to enforce a session timeout so that every time they have to login, they will have to go through the 2FA?

Thank you for your help.

Avatar
Descartar
Avatar
JB
Mejor respuesta

adding session_lifetime = 3600 in the configuration file (value in seconds)

Or

Try the Module :

Inactive Sessions Timeout

Avatar
Descartar
Avatar
Cybrosys Techno Solutions Pvt.Ltd
Mejor respuesta

Hi,

Please refer to the modules:

1. https://apps.odoo.com/apps/modules/18.0/auto_logout_idle_user_odoo

2. https://odoo-community.org/shop/inactive-sessions-timeout-544#attr=942899


Hope it helps.

Avatar
Descartar
Avatar
Ritik (Wan Buffer Services)
Mejor respuesta

Implementing session timeouts in Odoo enhances security by ensuring users are logged out after periods of inactivity, thereby reinforcing multi-factor authentication (MFA) protocols. To configure session timeouts in Odoo, consider the following approaches:​

1. Adjust Odoo Configuration Settings:

Modify the session_gc parameter in the Odoo configuration file (odoo.conf) to define the session expiration period. For example, setting session_gc = 3600 will expire sessions after one hour of inactivity. After making this change, restart the Odoo server to apply the new settings. ​

2. Utilize Third-Party Modules:

Several modules are available to manage session timeouts:​

  • Inactive Sessions Timeout: This module allows you to set a specific duration for session validity. After the defined period of inactivity, users are automatically logged out. You can configure the session timeout by setting the inactive_session_time_out_delay parameter, which defines the validity of a session in seconds (default is 2 hours). ​
  • Activity Session Timeout: This module enables automatic logout of inactive users after a specified time. The default session timeout is 5 minutes, but it can be adjusted by modifying the activity_session_timeout_key parameter in the system settings. 

3. Implement Custom Development:

If existing modules do not meet your specific requirements, custom development can be undertaken to create a tailored session timeout mechanism. This approach allows for precise control over session management, aligning with your organization's security policies.​

At Wan Buffer Services, we have extensive experience in customizing Odoo to enhance security measures, including implementing session timeouts to ensure compliance with IT audit requirements.

Avatar
Descartar
V
Autor

Hello Ritik,
thank you for your answer.
Please note that the database is hosted online (enterprise). Can this be done on Odoo online?

Josep Anton Belchi Riera

Hello V,
It is not possible to modify the configuration file "odoo.conf", or install modules in Odoo Saas, unless it is Odoo.sh.

JB

adding session_lifetime = 3600 in the configuration file (value in seconds)

Publicaciones relacionadas Respuestas Vistas Actividad
Events Visibility to Different Portal Groups
saas Online
Avatar
0
ago 24
1557
Online Odoo E-shop and specific Greek taxes mydata/aade request ...
shop Online
Avatar
0
jul 24
1807
Decimals in Pricing
Odoo17 Online
Avatar
Avatar
2
jun 24
3612
Mac versus Windows Online version differences
windows macosx Online
Avatar
0
ene 25
1464
How to get Logged In user for Intercom Identity Verification
javascript website Online
Avatar
0
dic 24
1962