From 5599d9db3b14753316f143c2bac26a20121a5df3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Cie=C5=9Blak?= Date: Mon, 27 May 2024 17:14:19 +0200 Subject: [PATCH 1/3] Add docs for web_idle_timeout --- docs/pages/connect-your-client/web-ui.mdx | 53 ++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/docs/pages/connect-your-client/web-ui.mdx b/docs/pages/connect-your-client/web-ui.mdx index 6b74fcc0bb854..887c66fcd0427 100644 --- a/docs/pages/connect-your-client/web-ui.mdx +++ b/docs/pages/connect-your-client/web-ui.mdx @@ -29,4 +29,55 @@ From the active sessions list, click **Join** and select a participant mode to j You must have the `join_sessions` allow policy in a role you've been assigned to join sessions in any participant mode. For information about how to configure the `join_sessions` allow policy and participant modes for a role, see -[Configure an allow policy](../access-controls/guides/moderated-sessions.mdx#configure-an-allow-policy). \ No newline at end of file +[Configure an allow policy](../access-controls/guides/moderated-sessions.mdx#configure-an-allow-policy). + +## Idle timeout + +After the user logs in, the Teleport Web UI checks every 30 seconds if the session is inactive. If +so, it logs out the user. A session is considered inactive if more than 10 minutes have passed since +the user last interacted with any Web UI browser tab, either through keyboard input or mouse +movement and clicks. + +The default idle timeout of 10 minutes can be adjusted in the Auth Service configuration through the +`web_idle_timeout` setting. + + + + +Use `tctl` to edit the `cluster_networking_config` value: + +```code +$ tctl edit cluster_networking_config +``` + +Change the value of `spec.web_idle_timeout` to `saml`: + +```yaml +kind: cluster_networking_config +metadata: + ... +spec: + ... + web_idle_timeout: 10m0s + ... +version: v2 +``` + +After you save and exit the editor, `tctl` will update the resource: + +```text +cluster networking configuration has been updated +``` + + + + +Update `/etc/teleport.yaml` in the `auth_service` section and restart the `teleport` daemon. + +```yaml +auth_service: + web_idle_timeout: 10m0s +``` + + + From ec0c61a001469562aee74de07af9efc7ecdcd841 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Cie=C5=9Blak?= Date: Fri, 31 May 2024 15:08:43 +0200 Subject: [PATCH 2/3] Remove leftovers from copying tabs from another page --- docs/pages/connect-your-client/web-ui.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/connect-your-client/web-ui.mdx b/docs/pages/connect-your-client/web-ui.mdx index 887c66fcd0427..af0c1e4d7721c 100644 --- a/docs/pages/connect-your-client/web-ui.mdx +++ b/docs/pages/connect-your-client/web-ui.mdx @@ -50,7 +50,7 @@ Use `tctl` to edit the `cluster_networking_config` value: $ tctl edit cluster_networking_config ``` -Change the value of `spec.web_idle_timeout` to `saml`: +Change the value of `spec.web_idle_timeout`: ```yaml kind: cluster_networking_config From 59fd8db6606fe83b9dd04aebb4f64749a70722ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Cie=C5=9Blak?= Date: Fri, 31 May 2024 15:13:20 +0200 Subject: [PATCH 3/3] Rephrase docs to target end users --- docs/pages/connect-your-client/web-ui.mdx | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/pages/connect-your-client/web-ui.mdx b/docs/pages/connect-your-client/web-ui.mdx index af0c1e4d7721c..404906f43ec2a 100644 --- a/docs/pages/connect-your-client/web-ui.mdx +++ b/docs/pages/connect-your-client/web-ui.mdx @@ -33,13 +33,12 @@ For information about how to configure the `join_sessions` allow policy and part ## Idle timeout -After the user logs in, the Teleport Web UI checks every 30 seconds if the session is inactive. If -so, it logs out the user. A session is considered inactive if more than 10 minutes have passed since -the user last interacted with any Web UI browser tab, either through keyboard input or mouse -movement and clicks. +After you log in, the Teleport Web UI checks every 30 seconds if your session is inactive. If so, it +logs you out. A session is considered inactive if more than 10 minutes have passed since you last +interacted with any Web UI browser tab, either through keyboard input or mouse movement and clicks. -The default idle timeout of 10 minutes can be adjusted in the Auth Service configuration through the -`web_idle_timeout` setting. +To change the default idle timeout of 10 minutes, ask your cluster admin to adjust the +`web_idle_timeout` setting in the Auth Service configuration.