Home
Support
Product Support
Routers
Cisco SD-WAN
Configuration Guides

Cisco Catalyst SD-WAN User Management Guide, Releases 26.x and Later

View all Saved Content

PDF

Is this content helpful?

Helpful Unhelpful

Suggestions for Improvement

Thank you for your feedback. Your response has been recorded.

Ask about this content

Cisco Catalyst SD-WAN User Management Guide, Releases 26.x and Later

Expand all sections

About this content

Users and Access

Users and access
Account lockout
User sessions
Ciscotac user access

Password Management

Hardened passwords
Type 6 passwords

Authentication

Authentication
Authentication order
Authentication fallback mechanism
Duo Multi-factor authentication
RADIUS authentication
SSH authentication
IEEE 802.1X authentication
Authentication, Authorization, and Accounting
Posture assessment support

Role-Based Access Control

Role-Based Access Control
Restrictions for configuring RBAC
RBAC by VPN
RBAC with AAA
User authorization rules for operational and configuration commands
RBAC by scope
Granular RBAC
RBAC for policies
Configure RBAC for CFlowd policy
Assigning roles to users defined by identity providers
Configure RBAC
Prerequisites for Application Catalog features
Manage user group permissions
Configure Users
Configure user sessions
Configure VPN segments
Configure VPN groups
Verify granular RBAC permissions
Monitor devices for VPN groups

User sessions

Updated: April 24, 2026

Want to summarize with AI?

On this page

User sessions

Restrictions for configuring user sessions

Client Session Timeout
Session Lifetime
Server Session Timeout

Configure a client session timeout in SD-WAN Manager

Configure a session lifetime in SD-WAN Manager

Configure the Server Session Timeout in SD-WAN Manager

Set the maximum sessions per user role

Describes user session management, highlighting session configuration concepts, restrictions, client and server session timeout settings in SD-WAN Manager, session lifetime configuration, and enabling maximum session limits per user.

User sessions

A user session is a period of interaction between a user and a system that

begins when the user successfully authenticates or logs in
maintains state and context for the user’s activities, and
ends when the user logs out or the session expires due to inactivity or timeout.

Restrictions for configuring user sessions

Client Session Timeout

You can edit Client Session Timeout in a multitenant environment only if you have provider access.

Session Lifetime

You can edit Session Lifetime in a multitenant environment only if you have provider access.

Server Session Timeout

You cannot access Server Session Timeout in a multitenant environment, even if you have provider access or tenant access.

Configure a client session timeout in SD-WAN Manager

Use this procedure to set a client session timeout in Cisco SD-WAN Manager. When a timeout is set, such as no keyboard or keystroke activity, the client is automatically logged out of the system.

Before you begin

You can edit Client Session Timeout in a multitenant environment only if you have a Provider access.

Procedure

	1.	From the Cisco SD-WAN Managermenu, choose Administration > Settings.
	2.	Click User Sessions.
	3.	Under Client Session Timeout, click Session Timeout.
	4.	Specify the timeout value, in minutes.
	5.	Click Save.

Configure a session lifetime in SD-WAN Manager

Use this procedure to specify how long to keep your session active by setting the session lifetime, in minutes.

A session lifetime indicates the amount of time for which a session can be active. If you keep a session active without letting the session expire, you will be logged out of the session in 24 hours, which is the default session timeout value.

The default session lifetime is 1440 minutes or 24 hours.

Before you begin

You can edit Session Lifetime in a multitenant environment only if you have a Provider access.

Procedure

	1.	From the Cisco SD-WAN Manager menu, choose Administration > Settings.
	2.	Click User Sessions.
	3.	In the SessionLifeTime Timeout (minutes) field, specify the session timeout value, in minutes, from the drop-down list.
	4.	Click Save.

Configure the Server Session Timeout in SD-WAN Manager

Use this procedure to configure the Server Session Timeout in Cisco SD-WAN Manager.

The Server Session Timeout indicates how long the server should keep a session running before it expires due to inactivity. The default server session timeout is 30 minutes.

Procedure

	1.	From the Cisco SD-WAN Manager menu, choose Administration > Settings.
	2.	Click User Sessions.
	3.	In Server Session Timeout Timeout(minutes) field, specify the timeout value, in minutes.
	4.	Click Save.

Set the maximum sessions per user role

You can configure the maximum number of concurrent login sessions for each configured user role. This maximum value applies to all users assigned to that role.

If the Max Sessions Per User value for the netadmin role is set to 3, then each user assigned to the netadmin role can have up to 3 concurrent login sessions across the platform. If a fourth session is initiated by one of those users, an error message appears.

Range for Max Sessions Per User: 1 to 255.

Default: If undefined, there is no limit on the number of concurrent sessions for that role.

The value also applies to CLI sessions.

Procedure

	1.	From the Cisco SD-WAN Manager menu, choose Administration > Users and Access > Roles . The Max user sessions value is displayed for each defined role, including both default and custom roles.
	2.	Click the role name, edit the Max user sessions value, and click Update. Note From Cisco Catalyst SD-WAN Manager Release 20.18.1, the previous method for changing this value in Settings > Trust and Privacy is no longer supported. If a Max user sessions value has been defined on your system by that method, that value serves as the maximum value for all user roles until changed.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.