{"id":12932,"date":"2023-04-28T15:06:53","date_gmt":"2023-04-28T08:06:53","guid":{"rendered":"https:\/\/gcloudvn.com\/?p=12932"},"modified":"2023-08-16T14:19:21","modified_gmt":"2023-08-16T07:19:21","slug":"google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session","status":"publish","type":"post","link":"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/","title":{"rendered":"Improving your security with shorter Session Length default"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Co_gi_thay_doi\" >What\u2019s changing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Ai_bi_anh_huong\" >Who\u2019s impacted<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Tai_sao_lai_su_dung\" >Why you\u2019d use it<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Thong_tin_them\" >Additional details<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Kiem_soat_phien_Google_Cloud\" >Google Cloud session controls<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Nha_cung_cap_danh_tinh_SAML_ben_thu_ba_va_kiem_soat_thoi_luong_phien\" >Third-party SAML identity providers and session length controls<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Ung_dung_dang_tin_cay\" >Trusted applications<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Bat_dau\" >Getting started<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Thoi_gian_trien_khai\" >Rollout pace<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/gcloudvn.com\/en\/kienthuc\/google-workspace-tang-cuong-bao-mat-bang-cach-giam-thoi-gian-mac-dinh-moi-session\/#Tinh_kha_dung\" >Availability<\/a><\/li><\/ul><\/nav><\/div>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Co_gi_thay_doi\"><\/span><strong>What\u2019s changing<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">To further improve security for our customers, Google are changing the default session length to 16 hours for existing Google Cloud customers. Note that this update refers to managing user connections to <a href=\"https:\/\/gcloudvn.com\/en\/google-cloud-platform\/\">Google Cloud<\/a> (e.g. Google Cloud console), not connections to Google services (e.g. Gmail on the web).<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">For existing customers who have session length configured to Never Expire, Google are updating the session length to 16 hours. See below for more information.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Ai_bi_anh_huong\"><\/span><b>Who\u2019s impacted<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Admins, End Users and Developers<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tai_sao_lai_su_dung\"><\/span><b>Why you\u2019d use it<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Many apps and services can access sensitive data or perform sensitive actions. Because of this, managing session length is foundational to cloud security and compliance. It ensures that access to the Google Cloud Platform is finite after a successful authentication, which helps deter bad actors should they gain access to credentials or devices.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Thong_tin_them\"><\/span><b>Additional details<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Kiem_soat_phien_Google_Cloud\"><\/span><strong>Google Cloud session controls<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">For existing customers who have session length configured to Never Expire, Google are updating the session length to 16 hours. This ensures customers do not mistakenly grant infinite session length to users or apps using Oauth user scopes. After the session expires, users will need to re-enter their login credentials to continue their access. This impacts the following:<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Google Cloud Console<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">gcloud command-line tool\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any other app that requires Google Cloud scopes <\/span><span style=\"font-weight: 400;\">Google Cloud scopes<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Settings can be customized for specific organizations, and will impact all users within that org. This is a timed session length that expires the session regardless of the user's activity. When choosing a session length, admins have the following options:<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Choose from a range of predefined session lengths, or set a custom session length from 1 and 24 hours.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Configure whether users need just a password, or require a Security Key to <\/span><a href=\"https:\/\/support.google.com\/accounts\/answer\/6103523\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">re-authenticate<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Nha_cung_cap_danh_tinh_SAML_ben_thu_ba_va_kiem_soat_thoi_luong_phien\"><\/span><strong>Third-party SAML identity providers and session length controls<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">If your organization uses a third-party SAML-based identity provider (IdP), the cloud sessions will expire, but the user may be transparently re-authenticated (i.e. without actually being asked to present their credentials) if their session with the IdP is valid at that time. This is working as intended, as Google will redirect the user to the IdP and accept a valid assertion from the IdP. To ensure that users are required to re-authenticate at the correct frequency, evaluate the configuration options on your IdP and review the Help Center article to <\/span><a href=\"https:\/\/support.google.com\/a\/topic\/7579248?hl=en&amp;ref_topic=7556686\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">Set up SSO via a third party Identity provider<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Ung_dung_dang_tin_cay\"><\/span><strong>Trusted applications<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Some apps are not designed to gracefully handle the re-authentication scenario, which can cause confusing app behavior. Other apps are deployed for server-to-server purposes via user credentials \u2014 because they don\u2019t require service account credentials, they are not prompted to periodically re-authenticate.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">If you have specific apps like this, and you do not want them to be impacted by session length reauthentication, the org admin can <\/span><span style=\"font-weight: 400;\">add these apps to the trusted list for your organization.<\/span><span style=\"font-weight: 400;\">This will exempt the app from session length constraints, while implementing session controls for the rest of the apps and users within the organization.<\/span><\/p>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Bat_dau\"><\/span><b>Getting started<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Admins: For customers who have their session length set to \"Never Expire\", your session length will reset to 16 hours. It can be turned off or modified at the OU level. Visit the Help Center article to learn how to set session length for Google Cloud services for your organization.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">End users: If a session ends, users will simply need to log in to their account again using the familiar Google login flow.<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Thoi_gian_trien_khai\"><\/span><b>Rollout pace<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Rapid Release and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on March 15, 2023.<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Tinh_kha_dung\"><\/span><b>Availability<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Available to all <a href=\"https:\/\/gcloudvn.com\/en\/google-workspace\/\">Google Workspace customers<\/a> v\u00e0 Cloud Identity, c\u0169ng nh\u01b0 kh\u00e1ch h\u00e0ng G Suite Basic v\u00e0 Business c\u0169<\/span><\/li>\n<\/ul>\n<p class=\"p1\" style=\"text-align: justify;\">For more detailed product information or to need technical support, you can contact Gimasys - Premier Partner of Google in Vietnam at the following information:<\/p>\n<ul class=\"ul1\" style=\"text-align: justify;\">\n<li class=\"li2\"><b>Hotline:\u00a0<\/b>0974 417 099 (HCM) | 0987 682 505 (HN)<\/li>\n<li class=\"li3\"><span class=\"s3\"><b>Email:\u00a0<\/b><a href=\"mailto:gcp@gimasys.com\"><span class=\"s4\">gcp@gimasys.com<\/span><\/a><\/span><\/li>\n<\/ul>\n<p class=\"p4\" style=\"text-align: right;\"><b>Source: <\/b><span class=\"s5\"><b>Gimasys<\/b><\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>C\u00f3 g\u00ec thay \u0111\u1ed5i \u0110\u1ec3 c\u1ea3i thi\u1ec7n h\u01a1n n\u1eefa t\u00ednh b\u1ea3o m\u1eadt cho kh\u00e1ch h\u00e0ng c\u1ee7a m\u00ecnh, Google s\u1ebd thay \u0111\u1ed5i th\u1eddi l\u01b0\u1ee3ng phi\u00ean m\u1eb7c \u0111\u1ecbnh th\u00e0nh 16 gi\u1edd cho c\u00e1c kh\u00e1ch h\u00e0ng hi\u1ec7n t\u1ea1i c\u1ee7a Google Cloud. L\u01b0u \u00fd&hellip;<\/p>","protected":false},"author":2,"featured_media":12937,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[134],"tags":[],"class_list":["post-12932","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-google-workspace","entry","has-media"],"_links":{"self":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/12932","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/comments?post=12932"}],"version-history":[{"count":0,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/posts\/12932\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media\/12937"}],"wp:attachment":[{"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/media?parent=12932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/categories?post=12932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcloudvn.com\/en\/wp-json\/wp\/v2\/tags?post=12932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}