Extend options for hubspot user session timeout length
Currently HubSpot limits user session timeout length to a max of 1 day.
As a user: I may take a single day off or find myself not utilizing the HubSpot interface for a day, resulting in the requirement to login again.
As an admin: I am not in HubSpot every day, but I might be in it 2-3 times a week, each of them requiring me to log in again.
As an SSO/SCIM admin: I am annoyed that HubSpot's limited options block me from properly managing security in a way that best suits my organization.
Earlier this year HubSpot did not provide control over this and sessions were indefinite. Now it seems the pendulum has swung to anothe extreme. (e.g. it is difficult to imagine anyone wanting 15 minute session inactivity timeouts)
Please give admins the ability to set a more reasonable session timeout length!
Our organisation needs this token duration expanded too to at least 7 days, and I concur with the post from albertorizzoli that this artificially small window deviates from standard and accepted security practices.
I have set the session duration to the maximum allowed time — 3 days, but even so, I get logged out multiple times a day. It would be fine if I just had to click the 'login' button, but instead, both I and all other users have to manually enter the email address each time before proceeding with Google authentication.
I have 4 questions:
1. Why do I have to manually enter my email address every time, even though I use corporate Google authentication? 2. Why does the session expire more frequently than every 3 days? 3. Why can't the session duration be extended beyond 3 days? 4. Do you need help fixing this bug? I have a team of developers who can identify and fix this issue if you are unable to.
I feel like reporting bugs should be done on LinkedIn since it's not working here.
I agree it should be more than 3 days - 7 or 31 would get my vote. I am finding an additional issue here I would like to check: we use the Hubspot Outlook add-in which authenticates via SSO but that does not seem to be obeying the 3 day limit (I do have that set up). Is the add-in timeout controlled by a different mechanism?
Love the idea of having more control over session timeout. We'd actually like the opposite — to have a quicker session timeout so that we can more readily switch folks between chatflows as they change state. At present, so long as the chatflow has a remembered history, they're locked into that chatbot...even if they switch from, say, lead state to customer state and we'd prefer if the customer-facing chatbot trigger.