Automatic Logout and Session Timeout
Tulip provides two ways to automatically log out associates from apps after a period of inactivity. Depending on your needs, you can configure logout behavior on individual devices or enforce a company-wide session timeout across all Tulip apps and devices.
Overview
| Associate-Managed (Per-Device) | Company-Managed (Enterprise-Wide) | |
|---|---|---|
| Setting name | Automatic Logout Time | Application Session Timeout |
| Scope | Single device only | All Tulip apps, all devices, entire tenant |
| Configured by | A manager, in the app on each device | An administrator, in Admin Console |
| What the timer measures | Idle time while the app is open and on screen | Time spent outside of all Tulip apps (device asleep, app in background, or using other apps) |
Both settings operate independently. If both are configured, whichever timer is reached first will log the associate out.
Option 1: Associate-Managed Automatic Logout (Per-Device)
This option allows a manager to set an automatic logout timer directly within the Tulip app on a specific device. Once configured, the setting applies to anyone who uses that device, regardless of their role.
How It Works
- The timer counts idle time while the app is open and on screen. If an associate stops interacting with the app (no taps, swipes, or scrolls) for longer than the configured time, they are automatically logged out.
- The timer does not count time when the device is asleep or the app is in the background.
- The setting is stored locally on the device and does not sync to other devices.
How to Configure
- Log in to the Tulip app on the target device as a manager.
- Open the in-app Settings.
- Open the Associates section and locate the Automatic Logout Time option.
- Select the desired timeout duration.
The setting takes effect immediately and applies to all users on that device. To configure multiple devices, repeat the process on each device.
A manager must configure each device individually. There is no way to push this setting to multiple devices at once from within the app.
Option 2: Company-Managed Session Timeout (Enterprise-Wide)
This option allows an administrator to set an enterprise-wide session timeout through Admin Console. The timeout applies to all Tulip apps across all devices for the entire tenant.
How It Works
- The timer counts time spent outside of any Tulip app on the device. This includes time when the device is asleep, the app is in the background, or the associate is using a non-Tulip app.
- The timer does not count time while an associate is actively using any Tulip app.
- Using any Tulip app in the foreground resets the timer.
- When the timer expires, the associate must log in again the next time they open a Tulip app.
How to Configure
- Navigate to Admin Console.
- Open the Integrations tab from the main menu on the left.
- Click Application Session Configuration in the sidebar.
- Click the edit (pencil) icon on the Application Session Configuration card.
- Enter the desired timeout value.
- Click Save.
The configured value is in minutes, hours, or days. For example, entering 30 with minutes in the dropdown means associates will be logged out after 30 minutes away from all Tulip apps.
Recommendations
- A value of 30 minutes or higher is recommended for most use cases.
- Very low values (under 5 minutes) are not recommended, as they create significant friction for associates who may briefly step away from the device.
- Consider your associates' workflows when choosing a value. Associates who frequently switch between Tulip and other apps may be impacted by short timeout values.
Comparing the Two Options
| Scenario | Associate-Managed (Per-Device) | Company-Managed (Enterprise-Wide) |
|---|---|---|
| Associate is using the Tulip app and stops tapping for 10 minutes | Logs out (if timeout is 10 min or less) | Does not log out (app is still in foreground) |
| Associate switches to another app for 10 minutes, then returns to Tulip | Does not log out (timer only counts in-app idle time) | Logs out (if timeout is 10 min or less) |
| Device goes to sleep for 10 minutes, then associate wakes it | Does not log out | Logs out (if timeout is 10 min or less) |
| Associate force-closes the Tulip app and reopens it | Behavior depends on app state | Logs out (session is cleared) |
Interaction with SSO
If your organization uses Single Sign-On (SSO), the Tulip session timeout operates independently from the SSO session lifetime.
- When the Tulip session times out, the associate is required to log in again.
- If the SSO session with the identity provider is still active, the re-authentication may happen automatically (no password prompt).
- If the SSO session has also expired, the associate will need to fully re-authenticate with the identity provider.
FAQ
Can I set different timeout values for different apps (e.g., Clienteling vs. POS)? No. The company-managed session timeout applies to all Tulip apps uniformly. The per-device setting also does not distinguish between apps.
Can I set different timeout values per store or per role? No. The company-managed session timeout is a tenant-wide setting. The per-device setting applies to everyone on that specific device regardless of role.
What happens if both settings are configured? Both operate independently. If the per-device automatic logout time triggers first (e.g., idle in-app), the associate is logged out. If the enterprise-wide session timeout triggers first (e.g., away from all Tulip apps), the associate is logged out. Whichever condition is met first takes effect.