Skip to main content

Customer Center

SmartVault Customer Center

Security: Session Tokens and Auto Log-Out


Security in the SmartVault Portal has been enhanced for all users through the addition of Session Tokens that will expire after 15 minutes of inactivity, causing the user to be automatically logged out. 


Similar to the auto-logout process you may experience on a bank or insurance company's website, if someone logs into a SmartVault account through the web Portal and remains idle (meaning they do not browse to different folders, upload files, etc.) then they will receive a pop-up after 13 minutes warning them that their session is about to end due to inactivity.  If the user fails to click the 'Stay Logged In' button in the pop-up window within 2 minutes, the user is automatically logged out.


As an additional security precaution, SmartVault will immediately invalidate a user's Session Token if the first 2 portions of their IP address have changed.  If you happened to log in to SmartVault from a laptop in your office, you can easily move around within your office and stay connected, but if you move from your office to Starbucks, SmartVault will detect a change in IP address and require you to sign-in again.  This is an added level of security to prevent unauthorized users from accessing your account in the event of a theft or loss of your device.

Note: If you've forgotten your password, see this article to reset your password


  1. Go to and login to the web Portal using your SmartVault credentials.
    SmartVault Login Screen - Defaul 00t.png
  2. Depending on your default view in the Portal, one of the following pop-up windows will appear after 13 minutes of inactivity:
    Session Token Time Out warning - Portal Rest 00.pngsession token time out warning - net porta 00l.png

  3. If you do not click on Stay Logged In - Dashboard.png within 2 minutes, the system will automatically log you out.
  4. If you choose to "Stay Logged In" your session token will be renewed and you will receive another warning after another 13 minutes of inactivity.
  5. If you choose to Log Out Now.png then all instances of the SmartVault Portal within that web browser will be logged out.


Session Tokens are just one way SmartVault is improving security on all accounts.  Here are some guidelines on how Session Tokens behave:

  • If you log into the SmartVault Portal and remain idle for 15 consecutive minutes then all SmartVault web instances or tabs that were opened during that session within that web browser will automatically log out. 
  • If you login to the SmartVault Portal and then open multiple Portal windows within the same web browser, the session token will apply to all instances within the same web browser, so staying active in one instance or tab will keep all the other Portal instances within that web browser active.
  • If you open a different web browser and login to the SmartVault Portal then a new session token is issued that affects just the instances or tabs within the new web browser.
  • If the first 2 portions of your IP address change (i.e. - you connect to a different network), SmartVault will log you out.
  • The SmartVault for Windows Desktop Client also uses session tokens, but it is not affected by inactivity.  The SmartVault Launchpad, including the Connected Desktop, will force you to sign back in once a week as an additional security check.  
  • Windows and Macintosh WebDAV clients do not use or check session tokens, so connectivity of mapped web drives like the SmartVault Web Drive is not affected by the addition of session tokens.