Authentication Settings

In Authentication Settings of Global Properties> Remote Access> Endpoint Connect, you can enable a password cache and define timeouts for password retention and re-authentication.

To configure authentication settings:

  • Enable password caching

    • No (default) requires users to enter a password whenever they connect.

    • Yesretains the user password in a cache for a specified period.

  • Cache password for - Password retention period in minutes (default = 1440), if password caching is enabled.

Note - For security reasons, the cache is cleared when the user explicitly disconnects, even if the cache period has not ended.

The cache is useful for re-authentications and automatic connections triggered by the Always-Connect feature.

  • Re-authenticate - Authentication timeout in minutes (default is 480 minutes), after which users must re-authenticate the current connection.

    By default the re-authentication warning shows five minutes before the authentication timeout expires. To change the time, use the reauth_grace_period parameter in the file on the Security Gateway or in the trac.defaults (refer to The Configuration File):

    trac_client_1.ttm

    Copy
    :reauth_grace_period (
        :gateway (
            :default (10)
        )

    trac.defaults

    reauth_grace_period INT 10 GW_USER 0

    The Re-authentication warning window does not show:

    • Earlier that two minutes from the VPN session start

    • Later than five minutes before the VPN session ends

    If the administrator defines incorrect values, the default "five minutes" is used.

Caching and OneCheck User Settings - In SmartEndpoint-managed clients, if you have OneCheck User Settings enabled, see the OneCheck User Settings in the Endpoint Security Administration Guide.