Focus Without Distraction: Newly Extended Blackbaud ID Inactivity Timeout!
Published
Last year, due to findings from a Payment Card Industry Data Security Standards (PCI DSS) audit, Blackbaud ID implemented a 15-minute inactivity timeout. However, based on customer feedback, it became clear 15 minutes was simply too short a duration, disrupting your day with unnecessary timeouts as you multi-task in front of your computer or take time to make deliberate decisions in your Blackbaud solution. In response, the Blackbaud Identity, Security, and Compliance teams worked to reevaluate whether PCI DSS requirements truly applied to Blackbaud ID inactivity timeouts.
Upon further review, they determined that PCI DSS requires only an “appropriate” — not a set 15 minutes — timeout for those using Blackbaud ID-supported solutions. Based on conversations with customers and key stakeholders across multiple solutions, they identified 90 minutes as an appropriate inactivity timeout. As a result, Blackbaud ID now times out after 90 minutes of inactivity instead of 15!
Has the timeout been extended for Blackbaud hosted solutions (eg RE7) or Raiser’s Edge or Financial Edge NTX’s Database View?
Not yet. We intend to extend the timeout beyond 15 minutes for other Blackbaud experiences. This would include Raiser’s Edge NXT & Financial Edge NXT Database View. We will be rolling out updates in time. Exact timing is to be determined, however we will keep the communities posted as the release details unfold.
What happens if I use single sign-on (SSO) through Blackbaud ID and the inactivity timeout/time-to-live (TTL) of my identity provider (IdP) is less than 90 minutes?
Your Blackbaud ID automatically signs out after 90 minutes of inactivity, regardless of your IdP's TTL.
Does SSO through Blackbaud ID support single log-out (SLO)?
Blackbaud ID's SSO capability doesn't currently support SLO. To completely sign out, sign out of both your Blackbaud ID and your IdP separately.
Thanks for your time (including the extra 75 minutes)!
Upon further review, they determined that PCI DSS requires only an “appropriate” — not a set 15 minutes — timeout for those using Blackbaud ID-supported solutions. Based on conversations with customers and key stakeholders across multiple solutions, they identified 90 minutes as an appropriate inactivity timeout. As a result, Blackbaud ID now times out after 90 minutes of inactivity instead of 15!
Has the timeout been extended for Blackbaud hosted solutions (eg RE7) or Raiser’s Edge or Financial Edge NTX’s Database View?
Not yet. We intend to extend the timeout beyond 15 minutes for other Blackbaud experiences. This would include Raiser’s Edge NXT & Financial Edge NXT Database View. We will be rolling out updates in time. Exact timing is to be determined, however we will keep the communities posted as the release details unfold.
What happens if I use single sign-on (SSO) through Blackbaud ID and the inactivity timeout/time-to-live (TTL) of my identity provider (IdP) is less than 90 minutes?
Your Blackbaud ID automatically signs out after 90 minutes of inactivity, regardless of your IdP's TTL.
Does SSO through Blackbaud ID support single log-out (SLO)?
Blackbaud ID's SSO capability doesn't currently support SLO. To completely sign out, sign out of both your Blackbaud ID and your IdP separately.
Thanks for your time (including the extra 75 minutes)!
News
Organizational Best Practices Blog
08/29/2018 11:42am EDT
Leave a Comment