Focus Without Distraction: Newly Extended Blackbaud ID Inactivity Timeout! 4962

Focus Without Distraction: Newly Extended Blackbaud ID Inactivity Timeout!

Last year, due to findings from a Payment Card Industry Data Security Standards (PCI DSS) audit, Blackbaud ID implemented a 15-minute inactivity timeout.  However, based on customer feedback, it became clear 15 minutes was simply too short a duration, disrupting your day with unnecessary timeouts as you multi-task in front of your computer or take time to make deliberate decisions in your Blackbaud solution. In response, the Blackbaud Identity, Security, and Compliance teams worked to reevaluate whether PCI DSS requirements truly applied to Blackbaud ID inactivity timeouts. 
Upon further review, they determined that PCI DSS requires only an “appropriate” — not a set 15 minutes — timeout for those using Blackbaud ID-supported solutions. Based on conversations with customers and key stakeholders across multiple solutions, they identified 90 minutes as an appropriate inactivity timeout. As a result, Blackbaud ID now times out after 90 minutes of inactivity instead of 15!
Has the timeout been extended for Blackbaud hosted solutions (eg RE7) or Raiser’s Edge or Financial Edge NTX’s Database View?
Not yet. We intend to extend the timeout beyond 15 minutes for other Blackbaud experiences. This would include Raiser’s Edge NXT & Financial Edge NXT Database View. We will be rolling out updates in time. Exact timing is to be determined, however we will keep the communities posted as the release details unfold. 

What happens if I use single sign-on (SSO) through Blackbaud ID and the inactivity timeout/time-to-live (TTL) of my identity provider (IdP) is less than 90 minutes? 
Your Blackbaud ID automatically signs out after 90 minutes of inactivity, regardless of your IdP's TTL.
Does SSO through Blackbaud ID support single log-out (SLO)? 
Blackbaud ID's SSO capability doesn't currently support SLO. To completely sign out, sign out of both your Blackbaud ID and your IdP separately.
Thanks for your time (including the extra 75 minutes)!
News Organizational Best Practices Blog 08/29/2018 11:42am EDT

Leave a Comment

Agree, log-ins are a huge time sucker.
Super exciting news! 
Thank you!!
This is such a great change, very appreciated!
Cammi Derr Cammi Derr Aug '18
Great news! Thank you!
Thank you so much for extending this time period!  It will be so helpful!
Thank you - our community will be very happy!
Great News I can actually take a lunch break and still have connection when i get back.  Thanks.
Great! What about extending the timeout for WebPortal/WebInvoicing as well?
Thank you! This is so helpful!
Thank you! So appreciated!!!
Thank you, thankyou, thank you!
Thank you!!  This is extremely helpful!
Rob- based on the updated guidance we are extending the timeout beyond 15 minutes to other Blackbaud experiences. This would include hosting, RE & FE NXT DB views. I am unable to commit exact timing, however we will keep the communities posted once we have the changes confirmed. 
Tracy Jen Tracy Jen Aug '18
Good news, especially for Visitor Services!
Hurray!  Ca new do this on the Hosted Database view as well?