Security logout for clinical researchers

Allie Hajian

To comply with regulatory standards for clinical researchers working with sensitive data, Terra will enable a feature that logs users out of their session after 15 minutes of idle time. This article outlines the steps to follow to enable this feature and what you can expect from the timeout.

How to enable the timeout

Clinical groups need to take action to enable the timeout feature, following the steps below.

Step 1. Create a group in Terra

For example, a clinical lab creates a managed group such as "my-15-minute-signout-group". To learn about managed groups in Terra, click here.

1.1. Go to "Main menu" --> "Profile" --> "Groups" by selecting the three lines at the top left.
[Screenshot: main menu to groups page]

1.2. Click on "Create a New Group" at the top left of the groups page

1.3. Give your group a name (only letters, numbers, underscores and dashes allowed)

1.4. Select the "Create Group" button

Note that by default, you will be the admin/owner of any group you create.

Step 2: Have support set up security logout

2.1. Contact support@terra.bio with the group name, and inform them that you need the 15-minute timeout enabled for the group "my-15-minute-signout-group".

2.2. You'll receive a communication from Terra when your group has been added to the timeout access list and the 15-minute timeout is enabled for all group members.

You can add Terra users to the group within the "Main menu" --> "Profile" --> "Groups" page.

What to expect during a security logout

Terra keeps track of idle time for recognized clinical users (see "How to enable the timeout" above for how to set up this functionality). Much like a bank (and for similar security reasons), the system will automatically log you out after 15 minutes of idle time. This limits how long sensitive information remains visible on the screen for someone else to see. Read on for details of this feature.

1. One or two minutes before the 15-minute idle period is up, you'll get a warning screen asking if you want to extend the session.
[Screenshot: expiring session]

2. If you choose to extend your session, you'll stay on the same screen.

3. If you don't extend, you’ll be logged out and data will no longer be visible on the screen.

4. A dialog box will inform you that your session has expired.

Security timeout when working in multiple tabs or windows

If you have multiple tabs or multiple windows open, the one that is most recently active drives the timer. 

If you close your tab at any time, the timer will continue and you will be logged out after a total of 15 minutes. For example, if you close a tab after it was idle for ten minutes, you'll get logged out after five additional minutes.
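
The shared-timer behavior described above, modeled as an added example (this is not Terra's code): the Map stands in for state shared by all tabs, and the class name, method names and the two-minute warning offset are assumptions made for illustration.

```javascript
// Added example: a model of the shared idle timer, not Terra's implementation.
const MIN = 60 * 1000;
const IDLE_LIMIT_MS = 15 * MIN; // idle limit stated in the article
const WARN_BEFORE_MS = 2 * MIN; // assumption: the article says "one or two minutes"

// Hypothetical class; `store` stands in for state shared by every tab/window.
class SharedIdleTimer {
  constructor(store) { this.store = store; }
  login(nowMs) { this.store.set('lastActivity', nowMs); }

  // State any tab should show at nowMs: 'active', 'warning' or 'logged-out'.
  state(nowMs) {
    const last = this.store.get('lastActivity');
    if (last === undefined) return 'logged-out';
    const idle = nowMs - last;
    if (idle >= IDLE_LIMIT_MS) return 'logged-out';
    return idle >= IDLE_LIMIT_MS - WARN_BEFORE_MS ? 'warning' : 'active';
  }

  // Called on user activity or "extend session". The most recent activity in
  // any tab wins; an expired session is never revived by late activity.
  recordActivity(nowMs) {
    if (this.state(nowMs) === 'logged-out') {
      this.store.delete('lastActivity');
      return false;
    }
    this.store.set('lastActivity', Math.max(this.store.get('lastActivity'), nowMs));
    return true;
  }
}

// Constructed scenario: two tabs share one store; times are measured from login.
function scenario() {
  const store = new Map();
  const tabA = new SharedIdleTimer(store);
  const tabB = new SharedIdleTimer(store);
  tabA.login(0);
  tabB.recordActivity(4 * MIN);                   // tab B is now the most recently active
  const seen = {};
  seen.at14 = tabA.state(14 * MIN);               // idle is counted from tab B's activity
  seen.at17_5 = tabA.state(17.5 * MIN);           // inside the warning window
  seen.extended = tabA.recordActivity(18 * MIN);  // user chooses to extend the session
  // Both tabs are closed at 28:00 after 10 idle minutes; the stored deadline is unchanged.
  seen.justBefore33 = tabB.state(33 * MIN - 1);
  seen.at33 = tabB.state(33 * MIN);               // 5 minutes after the tabs were closed
  seen.lateActivity = tabB.recordActivity(34 * MIN);
  return seen;
}
console.log(scenario());
```

Because the deadline is derived from the shared last-activity time rather than from a per-tab countdown, closing a tab neither pauses nor resets it.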

How timeout works if you have multiple Google accounts

Note that you will be logged out of all Google accounts you are logged into in the browser, and you will have to log back in to all of them. To avoid being logged out of other Google accounts, open a private browsing session (incognito mode) when logging into a clinical account.

NIST security requirements

This functionality covers NIST AC-11 and AC-12 requirements (session lock and session timeout).
