Portal Security

Configure inactivity timeouts for session management in portals


Portals can be configured with inactivity timeouts to automatically sign out idle users. This is especially important for portals that handle sensitive data or are accessed on shared devices.


Inactivity Timeouts

When enabled, Kinabase tracks how long a portal user has been idle and automatically signs them out once the configured period elapses. The server enforces the timeout on every request, so it cannot be bypassed from the browser.

By default, portal sessions expire after 14 days of inactivity. With inactivity timeouts enabled, you can shorten this to as little as 30 minutes.


Configuring an Inactivity Timeout

  1. Open Settings and select Portals
  2. Open the portal you want to configure
  3. Select the Security pane in the portal settings sidebar
  4. Toggle Enable inactivity timeout to on
  5. Choose a Timeout duration from the dropdown — the default is 1 day
  6. Save your changes

The new timeout applies to all future sign-ins for that portal. Existing sessions continue with the previous 14-day expiry until the user signs in again.

Available Timeout Durations

Duration
30 minutes
1 hour
2 hours
4 hours
8 hours
1 day
2 days
1 week
2 weeks
4 weeks

To return to the default 14-day session expiry, toggle Enable inactivity timeout off.
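The behaviour described above (the check runs on the server for every request, and the limit is fixed at sign-in) can be sketched as follows. This is an added illustration, not Kinabase's code: the `PortalSessions` class and its method names are hypothetical, and it assumes any authorized request counts as activity.

```python
import secrets

MINUTE = 60
HOUR = 60 * MINUTE
DAY = 24 * HOUR

# Default expiry and the selectable durations listed on this page, in seconds.
DEFAULT_IDLE_LIMIT = 14 * DAY
ALLOWED_TIMEOUTS = {30 * MINUTE, HOUR, 2 * HOUR, 4 * HOUR, 8 * HOUR,
                    DAY, 2 * DAY, 7 * DAY, 14 * DAY, 28 * DAY}


class PortalSessions:
    """Hypothetical in-memory session store with a sliding idle limit."""

    def __init__(self):
        self.timeout_enabled = False
        self.timeout_seconds = DAY          # dropdown default: 1 day
        self._sessions = {}                 # token -> [idle_limit, last_seen]

    def configure(self, enabled, seconds=DAY):
        if enabled and seconds not in ALLOWED_TIMEOUTS:
            raise ValueError("unsupported timeout duration")
        self.timeout_enabled = enabled
        if enabled:
            self.timeout_seconds = seconds

    def sign_in(self, now):
        # The idle limit is fixed at sign-in, so a later settings change
        # only affects sessions created after it.
        limit = self.timeout_seconds if self.timeout_enabled else DEFAULT_IDLE_LIMIT
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [limit, now]
        return token

    def authorize(self, token, now):
        """Run on every request; `now` is the server clock, never a client value."""
        entry = self._sessions.get(token)
        if entry is None:
            return False
        limit, last_seen = entry
        if now - last_seen >= limit:
            del self._sessions[token]       # expired: force a new sign-in
            return False
        entry[1] = now                      # activity resets the countdown
        return True
```

Because the idle clock and the limit both live on the server, a browser that suppresses the "Are you still there?" modal or alters its own timers still has its next request rejected once the limit has passed.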


What Portal Users See

When a session is about to expire, a modal appears with the message "Are you still there?" and two options:

  • Continue Session — resets the countdown so the user can keep working
  • Sign Out — ends the session immediately

If the user takes no action, they are signed out automatically and redirected to the portal sign-in page.

Multi-Tab Behaviour

If a user has the portal open in multiple browser tabs, extending the session in one tab automatically refreshes the countdown in every other open tab. Users do not need to interact with each tab individually.


Who Can Configure Timeouts

Only colleagues with permission to edit portal settings can configure inactivity timeouts. Portal users (both internal and external) cannot change the timeout themselves.


When to Use Inactivity Timeouts

Sensitive data portals

Set short timeouts (30 minutes to 1 hour) on portals that expose financial, personal, or confidential information to satisfy audit and compliance requirements.

Shared device environments

Enable shift-length timeouts (4 to 8 hours) on portals used by warehouse staff, receptionists, or other users who share a terminal, so sessions are secured when staff walk away.

Low-risk portals

Leave timeouts disabled for internal knowledge bases or low-sensitivity portals where convenience is more important than session control.

Mixed environments

Apply different timeout policies across portals — lock down high-risk portals while keeping others convenient.