At WorkRamp, keeping your data secure is our top priority. We are always reviewing security best practices, and following a recent review, we are updating how user sessions are managed within WorkRamp to better protect your organization’s information.
What’s Changing?
Currently, user sessions last for 30 days before you have to re-authenticate and log back in. With our release targeted for March 24th, we will be moving to a dynamic session model. By default, all of your users' accounts will be set to the new Weekly (5 days) window.
New Customizable Options:
You can now choose the session duration that best fits your organization's security profile. These options can be found in [Settings > Enterprise > General]:
Short (1 hour): Best for organizations with strict compliance needs or those where users frequently access training on shared/public computers. It ensures that if a device is left unattended, the data remains protected.
Daily (12 hours): Ideal for standard corporate environments. It keeps learners logged in for their full workday but secures the account overnight.
Weekly (5 days): The default balance of convenience and security. Great for active learners who jump in and out of the platform throughout the week.
The Best Part: This is a rolling timer. This means that every time a learner navigates to a new page, starts a guide, or opens a resource, the clock resets. Your learners likely won't even notice the change during their active training sessions.
FAQ:
Q: Why is WorkRamp changing session durations?
A: Based on our research into industry best practices (OWASP), we are moving away from 30-day sessions to reduce the window of opportunity for unauthorized access. This change protects your organization’s sensitive training data and aligns with modern security compliance standards.
Q: When does this change go into effect?
A: The new session settings will be live on March 24th.
Q: What is the new default setting?
A: Existing customers will be moved to the Weekly (5 days) setting by default. This provides a balance between high security and a seamless learner experience.
For Learners & End Users
Q: Will I be logged out while I am in the middle of a lesson?
A: No. We use a rolling session timer. This means the timer resets every time you perform an action, such as navigating to a new page, starting a guide, or opening a resource. You will only be logged out if you are completely inactive for the duration of your organization’s set limit.
Q: What happens if my session times out?
A: If you are inactive long enough for a timeout to occur, you will be redirected to the login page. Once you log back in, you can pick up right where you left off.
Q: Will our users notice the change?
A: No. The switchover is seamless and will not impact users who are logged in. Because we utilize a rolling session timer, the countdown only begins when a user is completely inactive. As long as your learners are navigating pages, starting Guides, or opening resources, the timer resets.
For Admins
Q: What do I need to do?
A: Nothing. This change will happen automatically.
Q: Can I change this setting at any time?
A: Yes. Admins can update the session duration at any time within the [Settings > Enterprise > General] section of the WorkRamp dashboard. Changes will apply to all new sessions created after the setting is updated.
Q: Does this affect users who log in via Single Sign-On (SSO)?
A: Yes. While your SSO provider (like Okta or Azure AD) manages the initial authentication, these settings control how long the WorkRamp session remains active once the user has arrived.
Q: Will it impact all users?
A: Yes. To ensure the highest level of security across your entire WorkRamp instance, these session settings apply to all user roles across the Employee Learning Cloud (ELC) and the Customer Learning Cloud (CLC), including Learners, Editors, and Admins. This universal approach ensures that even your most privileged accounts (Admins) are protected by the same rigorous security standards as your learners.
Q: Can we set this back to 30 days?
A: No. To align with modern cybersecurity industry standards, we will retire the 30-day session window. Static, month-long sessions pose an increased security risk if a device is lost, stolen, or left logged in on a public network. Our new maximum limit of Weekly (5 days) offers a much safer environment while still providing a seamless experience for your frequent users.