Global Configuration – Administration (tab)

  • Published on Mar 11, 2026
  • 2 minute(s) read
Prev Next

This tab is only available if you have applied the OneSpan Authentication Server service patch 3.28.1.4122 (OAS-32782, OAS-30096).

It adds the new Web Admin Search Settings section and replaces the Session Management tab.

The SERVERS > Global Configuration > Administration tab contains global configuration settings that control and customize the administrative experience. This includes the management of interactive administrative sessions and global Administration Web Interface settings that are not configured via the Administration Web Interface properties file.

Table: Global Configuration – Session Management tab
Field nameDescription
Administration Session

Max. Concurrent Sessions

The maximum number of interactive administrative sessions allowed to run at one time.

Default value: 200

Limit Concurrent Sessions per User

Determines if the number of interactive administrative sessions should be limited per user.

Default value: No

Max. Concurrent Sessions per User

The maximum number of interactive administrative sessions allowed to run at one time for a particular user. Must be equal or greater than Max. Concurrent Sessions.

This option is only available if you enable Limit Concurrent Sessions per User.

Possible values: 1999

Default value: 1

If Concurrent Sessions per User Exceed Limit

This option specifies what should happen when a new session is initiated but the number of concurrent sessions for a particular user exceeds the limit given by Max. Concurrent Sessions per User.

This option is only available if you enable Limit Concurrent Sessions per User.

Possible values:

  • Invalidate oldest session. The oldest session will be forcefully expired, and a new session is created.
  • Prevent/deny logon. The user receives a logon error. New sessions cannot be created until another session is explicitly closed or expires automatically.

Default value: Invalidate oldest session

Max Session Time

The maximum time span an interactive administration session is allowed to run. This value is given in seconds. When the session time expires the session will automatically log off. The lower the value, the lower Max Concurrent Sessions can be set.

Default value: 86400

Idle Timeout

The time span before the session logs off when it is not being used. This value is given in seconds.

Default value: 900

If you want the timeout to exceed 1,200 seconds and you are using Apache Tomcat, you need to adapt the <session-timeout> setting in web.xml. If you are running Web Administration Service on the embedded Apache Tomcat, this file is located in %PROGRAMFILES%\VASCO\IAS Web Administration\webapps\ROOT\WEB-INF on Windows, and in /opt/vasco/iaswas/webapps/ROOT/WEB-INF on Linux.

<session-config>
    <session-timeout>20</session-timeout>
    <tracking-mode>COOKIE</tracking-mode>
</session-config>

The default value of the <session-timeout> setting is 20 (in minutes).

Web Admin Search Settings
Wildcards

Determines how the Administration Web Interface should handle wildcard characters when searching for users, either by user name, user ID, or email (via FIND on the home page or the Find/Manage User page).

Possible values:

  • Auto. The search treats the search term as a partial match pattern and automatically adds wildcard characters before and after it.
  • Manual. The search allows you to add wildcard characters yourself. If no wildcard characters are included, the search returns only exact matches.
  • Off. Wildcard characters cannot be used and will raise an error if included. The search returns only exact matches.

Default value: Auto