Managing Automatic Session Timeouts in PI Coresight (PI Vision)
PI Coresight currently does not natively support automatic session timeout based on inactivity. The upcoming support for OpenID Connect will allow organizations to enforce session timeouts via their chosen identity provider.
Roshan Soni
Managing Automatic Session Timeouts in PI Coresight (PI Vision)
Many organizations require session inactivity timeouts as part of their security policies. A common question from PI Coresight (now known as PI Vision) administrators is: Can we configure automatic session termination after a period of inactivity?
Current State: No Native Inactivity Timeout
As of now, PI Coresight does not natively support automatic session timeouts triggered by user inactivity. This means that, out of the box, Coresight will not automatically log out users who are idle for extended periods.
The Future: OpenID Connect and Identity Provider-Based Timeouts
OSIsoft is actively developing support for OpenID Connect (OIDC), a modern authentication protocol that enables claims-based authentication. Once this functionality is released, you’ll be able to:
- Integrate Coresight with enterprise identity providers, such as Active Directory Federation Services (ADFS), Azure Active Directory, or other OIDC-compatible platforms.
- Manage session timeout (and other security policies) directly in your identity provider settings, instead of in PI Coresight alone.
With OIDC-enabled authentication, your organization will gain more granular control over session duration, idle timeout, and logout policies — all enforced centrally and consistently across applications.
What Should You Do Now?
- Monitor OSIsoft’s Release Notes: Keep an eye on the official PI Vision release notes to know when OIDC support becomes available.
- Plan for Integration: If your organization already uses an OIDC-capable identity provider, plan for the eventual rollout by aligning your compliance and IT teams.
- Prepare for Configuration: Once released, updating Coresight to use OIDC will allow you to configure session timeout settings within your identity provider, ensuring your compliance requirements are met.
Summary Table
| Scenario | Support Status | Where to Configure Timeout |
|---|---|---|
| Built-in Coresight timeout | Not supported | N/A |
| With OpenID Connect (future) | Supported (planned) | Identity Provider (e.g., ADFS) |
Configuring automatic inactivity timeouts in Coresight is on the roadmap via OpenID Connect support. In the meantime, stay current with OSIsoft’s development, and consider preparing your infrastructure for OIDC to take advantage of more secure and compliant authentication flows in the near future.
Tags
About Roshan Soni
Expert in PI System implementation, industrial automation, and data management. Passionate about helping organizations maximize the value of their process data through innovative solutions and best practices.
No comments yet
Be the first to share your thoughts on this article.
Related Articles
Enhancing PI ProcessBook Trends with Banding and Zones: User Needs, Workarounds, and the Road Ahead
A look at the user demand for trend banding/zoning in OSIsoft PI ProcessBook, current VBA workarounds, UI challenges, and how future PI Vision releases aim to address these visualization needs.
Roshan Soni
Migrating PIAdvCalcFilVal Uptime Calculations from PI DataLink to PI OLEDB
Learn how to translate PI DataLink's PIAdvCalcFilVal advanced calculations—like counting uptime based on conditions—into efficient PI OLEDB SQL queries. Explore three practical approaches using PIAVG, PIINTERP, and PICOunt tables, and get tips for validation and accuracy.
Roshan Soni
Understanding PI Web API WebID Encoding: Can You Generate WebIDs Client-Side?
Curious about how PI Web API generates WebIDs and whether you can encode them client-side using GUIDs or paths? This article explores the encoding mechanisms, current documentation, and best practices for handling WebIDs in your applications.
Roshan Soni