Authpoint - Access Portal Cookies
We have an issue with authpoint SAML in conjunction with the Access Portal.
When closing the Access Portal web interface, the authentication cookie stays active/valid for the time-out threshold set under Authentication > Settings > Firewall Authentication.
When users close their browser and let's say re-open it, or someone else does, within the time-out settings threshold, they have access right away without having to re-authenticate.
This is a big security risk!
Is there an option to remove the cookie on browser window close?
We know a user should use the 'Log Out' button, but you know how users are, they just close a window.
Is this available/manageable with the Access Portal and Authpoint SAML.
Close browser -> delete cookie -> open browser, re-authenticate!
(even though it was within Session/Idle threshold under Authentication > Settings > Firewall Authentication).