netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Enforcing Login Prompt or 2FA at Every Connection #2739

Open tjcologne opened 1 month ago

tjcologne commented 1 month ago

Description:

We're currently running a self-hosted Netbird instance with Zitadel as the identity provider, following the advanced installation guide.

For security reasons, we'd like to require users to authenticate (via password or 2FA) each time they connect to the network. This means that upon starting their PC or laptop (even from standby), users should be prompted to verify their identity.

Currently, the login process occurs only once, and the generated token doesn't expire. We've explored various settings to reduce the token's lifespan, but haven't found a way to explicitly force a login prompt at every connection.

We've attempted to adjust the "OIDC Token Lifetime and Expiration" values, but this hasn't yielded the desired result.

Question:

Could you please guide us on how to achieve this goal? Do we need to consider a different identity provider, or is there a configuration within Netbird or Zitadel that can enforce the desired behavior?

Thank you for your assistance.

Are you using NetBird Cloud?

self-host NetBird's control plane with Zitadel

NetBird version

netbird version 0.30.0

tjcologne commented 1 month ago

[management] Add session expire functionality based on inactivity by @ctrl-zzz in https://github.com/netbirdio/netbird/pull/2326

The above-mentioned feature of 30.2 should be exactly what we need. However, we don't know how to activate this feature. We updated the server and clients, yet don't see any options to change the time.

heisbrot commented 1 month ago

Hey @tjcologne,

Dashboard implementation is currently in progress. I will update you once it is finished.