To specify how inactive SSO-authenticated users are handled
To put a user identified to the SonicWall network security appliance through an SSO mechanism, but no traffic has yet been received from the user, into an inactive state so they do not use resources, select On being notified of a login make the user initially inactive until they send traffic. The users remain in an inactive state until traffic is received. This option is selected by default.
Some SSO mechanisms do not give any way for the SonicWall network security appliance to actively re-identify a user, and if users identified by such a mechanism do not send traffic, they remain in the inactive state until the appliance eventually receives a logout notification for the user. For other users who can be re-identified, if they stay inactive and do not send traffic, they are aged-out and removed after a period (see the paragraphs that follow).
For inactive users who are subject to getting aged out, you can set the time, in minutes, after which they are aged-out and removed if they stay inactive and do not send traffic by selecting Age out inactive users after (minutes) and specifying the timeout in the field. This setting is selected by default, and the minimum timeout value is 10 minutes, the maximum is 10000 minutes, and the default is 60 minutes.
As the reason for keeping inactive user separate from active users is to minimize the resources used to manage them, the age-out timer runs once every 10 minutes. It might, therefore, take up to 10 minutes longer to remove inactive users from active status.