Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN) gcp@gimasys.com
Blog

Session duration control for Google Cloud Console and gcloud CLI

What is changing?  

Google has publicly opened a beta to G Suite, Google Cloud Platform (GCP) and administrator Cloud Identity You can set a fixed session duration for specific applications and services. After the session expires, the user will need to re-enter the login information and continue to access: :

  • GCP Cloud Console
  • gcloud command-line tool
  • Any other application that requires Cloud admin scope  

Settings can be customized for specific organizational units. 

Note that this is designed to work on the web. However, the setting will apply to authentication on all platforms, including web and mobile apps where they exist. As a result, affected mobile apps may not function correctly when the feature is enabled.

Who is affected? 

Only administrator

Why are you using it? 

Many applications and services include sensitive data, and it is important that only specific users can access that information. . By requiring re-authentication, you can make it difficult for others to get that data if they gain unauthorized access to the device. 

How to get started? 

  • Admins: Find session length control at Admin console > Security > Google Cloud session control (Beta). See google's Help Center to learn more about how set session duration for Google Cloud service
  • End users: If a session ends, users simply log back into their account using the familiar Google sign-in flow. 

Additional details  

Third-party SAML identity provider and session duration control. 

If your organization uses a third-party SAML-based identity provider, cloud sessions expire, but users can be transparently re-authenticated. i.e. not actually asked for their credentials) if their session with a valid IdP at the time. This is intentional, as Google will redirect the user to the IdP and accept the validation from the IdP. To ensure that the user is re-authenticated, be sure to match the session timeout at the IdP with the session length you want to enforce.

Provides fixed time control (non-activity based) 

Note that the new session control is a fixed time limit – it does not look for session activity or “idle time”. At the moment, Google Cloud and G Suite (Google Workspace customers) does not support activity-based session expiration. 

Re-authentication option 

When choosing a session length, the administrator will be able to choose: 

  • Between a range of preset session lengths, or set up a custom session length.  
  • Whether the user needs the usual login information (password and, if configured, 2-step authentication), or request security key to re-authenticate

Session duration control for Google Cloud Console and gcloud CLI 1

Update: Gimasys

Related Posts

Back To Top
phone number
0974 417 099