Use Case:
Organizations want to improve security by automatically logging out users after a period of inactivity. This reduces the risk of unauthorized access if a user leaves their workstation unattended.

The inactivity (authentication) timeout setting for an Access Group in Pega ensures that if a user is inactive in their browser session for a specified number of seconds, they are automatically logged out. Before logout, users receive a warning with options to continue their session or log out.

Steps to Configure Inactivity Timeout for an Access Group

1. Access the Access Group

• Go to Records > Security > Access Group in the navigation panel.
• Select or create the desired Access Group.

2. Open Advanced Settings

• Click the Advanced tab.
• Navigate to the Access Control section.

3. Set Authentication Timeout

• In the Authentication timeout field, enter the number of seconds of inactivity allowed (minimum 60 seconds).
  • Example: Enter 600 for 10 minutes.

4. Save Your Changes

• Save the Access Group configuration.

5. (Optional) Customize Timeout Warning Message

• To change the warning message shown in the timeout popup:
  • Update the localized value for the Rule where:
    • Field value = TimeoutWarning
    • Field name = pyMessageLabel

How It Works

• After the specified inactivity period, a popup warns the user 45 seconds before logout, showing a countdown.
• The popup is accessible: it announces remaining time at 45, 30, 20, 10, and 5 seconds.
• The user can click Continue session (resetting the timer) or Log out.
• If no action is taken, the user is logged out and cached data is cleared. Clipboard and session context remain intact.
• Applies to both Traditional UI and Constellation Portals.
• For offline-enabled apps, the timeout is enforced when the user performs their next action.
• If authentication is managed externally: Leave the field blank to disable this feature.