Our compliance team is experiencing a frustrating issue with report exports in Arena QMS AQP 2023.1 cloud. When generating large compliance reports (typically audit trail exports covering 6-12 months), users are getting kicked out mid-export with an SSO session expiry error. The report generation takes 8-12 minutes for our data volume, but our SSO session timeout is set to 10 minutes in Azure AD.
The problem is that users start the export, the system shows “Generating report…” progress indicator, but around the 9-10 minute mark, they get redirected to the login page and the export is lost. They have to start over, which just repeats the cycle. We’ve tried scheduled report delivery as a workaround, but those are also failing with similar authentication errors in the delivery logs.
Is there a way to extend the SSO session duration specifically for report generation processes, or does Arena have a mechanism to handle long-running exports without requiring active session maintenance?
This is a common issue with long-running operations in cloud applications. The SSO session timeout is enforced by your identity provider (Azure AD), not by Arena QMS itself. However, extending the session timeout globally to 20-30 minutes might not be ideal from a security perspective. Have you looked into using refresh tokens or background job processing for these large exports?
Background jobs shouldn’t require user SSO sessions - they should run under a service account context. This sounds like a configuration issue with how Arena authenticates scheduled jobs in your cloud tenant. Check if there’s a dedicated service account configured for report generation in Admin > System Configuration > Service Accounts. This account needs appropriate permissions but doesn’t rely on SSO.
Arena QMS 2023.1 introduced asynchronous report generation for this exact reason. Instead of keeping the browser session active during export, the system should queue the report as a background job and email the download link when complete. Check if your compliance reports are configured to use async processing - go to Reports > Configuration and verify the “Enable Background Processing” option is checked for compliance audit exports. This completely bypasses the SSO session timeout issue.
I found the async processing setting and it was disabled. I enabled it, but now the scheduled reports are still failing. The error in the delivery log says “Authentication failed: Unable to validate user session for background job.” It seems like even background jobs need an active SSO session?
For the SSO session duration concern - you can implement a conditional access policy in Azure AD that extends session lifetime specifically for Arena QMS application without affecting your global security posture. Set up a policy that allows 30-minute sessions for Arena QMS URLs while keeping 10 minutes for other applications. This gives you the flexibility needed for large file exports while maintaining tight security elsewhere.