Where to Configure Security Options

Cookies

Cookie name Scope Validity

tsc

Domain of TIBCO Control Plane

Browser’s session

cic-user-at

Control Plane’s hostname

24 hours

session

(Only used by Default IdP in self-managed TIBCO Control Plane.)

admin.control-pane-domain

1 hour

Credential durations

Cookies issued in browser sessions are valid for up to 4 hours of inactivity.

Tokens issued to OIDC Apps (For example: Studio) can get refreshed after 7 days before forcing the user to re-authenticate.

Manually generated OAuth tokens are valid up to chosen time (up to 1 year) and are revocable at any time by the user. Deleting a user revokes any valid tokens issued to that user.