PeopleSoft Web Portal Security

When performing a PeopleSoft security audit, Integrigy reviews in detail the PeopleSoft Web Portal security settings to ensure they are set per best practice recommendations.  To do this yourself, use the table below to review your settings.

These settings should also be regularly reviewed to ensure against configuration drift.



Recommended Value

Allow Public Access

User sign on bypassed when direct link to a page are used – PUBLIC user access.


Days to Autofill User ID

Convenience for users. Caches user Id for x days.


View File Time to Live

Number of seconds to wait after sending a file attachment to a user's browser before removing that file from the web server.

Default is 0. Set to 0 (zero) for public area/kiosk

PIA use HTTP Same Server

Use the HTTP protocol instead of HTTPS for requests that are issued by the portal for content hosted on same server.


Allow Unregistered Content

Whether both registered and unregistered content is served. Turning this option off will prevent explicitly registered content references from being displayed in the portal.


SSL Secured Access Only

Forces use of SSL. Prevents users from using non-SSL protocols to access any link within this website or application.


Secure Cookie with SSL

Prevents single signon token from traveling over an insecure network. If selected the system sets the secure attribute of the single signon cookie (PS_TOKEN) to True.


Inactivity Warning

Number of seconds that the portal waits before warning users that browser sessions will expire. 


HTTP Session Inactivity

Number of seconds of inactivity after which the HTTP session times out for authenticated users. 


Inactivity Logout

Number of seconds of the inactivity timeout interval that applies to PeopleSoft applications to which a user is signed in. 


Show Connection Information

Generates system information page when a user presses Ctrl+J. Shows:

browser, OS, PeopleTools release, application release, service pack, page definition name, component definition name, menu definition name, user ID, database name, database type, and application server address


Show Trace Link at Signon

Displays URL link at sign-in for setting trace parameters.



If you have questions, please contact us at

Michael A. Miller, CISSP-ISSMP, CCSP


PeopleSoft Database Security

PeopleSoft Security Quick Reference

 Share this post