website/content/docs/concepts/iam.mdx
Lines changed: 1 addition & 4 deletions
@@ -54,14 +54,11 @@ With the [OIDC](/boundary/tutorials/identity-management/oidc-auth) and LDAP auth
54
54
as the auth method. The accounts and users are only created once the user authenticates to Boundary for the first time.
55
55
The same applies to OIDC/LDAP [managed groups](/boundary/tutorials/identity-management/oidc-idp-groups).
56
56
57
-
<Note>
58
-
59
57
You can configure the `max_age` in the [OIDC attributes](/boundary/docs/concepts/domain-model/auth-methods#oidc-auth-method-attributes) to indicate to the OIDC provider how much time is allowed to pass until a user is challenged to authenticate again.
60
58
However, the user will not be prompted to authenticate until the controller's `auth_token_time_to_live`[parameter](/boundary/docs/configuration/controller#auth_token_time_to_live) has expired.
61
59
The default value is 7 days.
62
-
At this time, HCP Boundary users cannot configure the `auth_token_time_to_live` for a controller, so that value always equals the default of 7 days.
63
60
64
-
</Note>
61
+
To configure time to live in HCP Boundary, refer to [Configure authentication time to live](/hcp/docs/boundary/configure-ttl).
65
62
66
63
### Grant permissions
67
64
When setting up access controls for a user, it is important to first consider which scope(s) the user needs access to. Roles give users permission to perform actions through grants strings.
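Review bot: Removing the `<Note>` wrapper around the `max_age` / `auth_token_time_to_live` paragraph demotes a caveat that is easy to miss: a short `max_age` does not cause a re-authentication prompt until the controller's `auth_token_time_to_live` has expired. Consider keeping the callout and dropping only the HCP sentence. The added line "To configure time to live in HCP Boundary, ..." should also name the setting it refers to, for example "To configure the auth token time to live in HCP Boundary, ...", and the retained "The default value is 7 days." would be less ambiguous as "The default value of `auth_token_time_to_live` is 7 days." now that the HCP sentence that followed it is gone.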
website/content/docs/configuration/controller.mdx
Lines changed: 0 additions & 2 deletions
@@ -88,8 +88,6 @@ description will be read.
88
88
to all tokens from all auth methods). Valid time units are anything specified by Golang's
89
89
[ParseDuration()](https://golang.org/pkg/time/#ParseDuration) method. Default is 7 days.
90
90
91
-
Note that you cannot set a maximum time to live for auth tokens in HCP Boundary at this time. For HCP Boundary, all auth tokens' maximum time to live equal the default of 7 days.
92
-
93
91
-`auth_token_time_to_stale` - Maximum time of inactivity for all auth tokens globally (pertains
94
92
to all tokens from all auth methods). Valid time units are anything specified by Golang's
95
93
[ParseDuration()](https://golang.org/pkg/time/#ParseDuration) method. Default is 1 day.
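Review bot: The HCP sentence removed from the `auth_token_time_to_live` entry has no replacement here, whereas the iam.mdx hunk in this same commit adds a pointer to `/hcp/docs/boundary/configure-ttl`. An HCP reader who lands on the controller reference now sees only "Default is 7 days." with no hint that the value is configured elsewhere for HCP. Suggest adding the same link to this entry, and stating whether the HCP setting also covers `auth_token_time_to_stale` in the entry directly below.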