This is what happened to me:
- I was a Non-team users on a customer’s board. Non-team users are users who were invited directly to boards (as viewers, commenters, or editors), but not to the team itself. They can access the boards but can't create their own ones. Non-team users can be seen in the list of Active users and are affected by the account's settings.
- The customer was on an Enterprise plan and had the "Session Idle Timeout" toggle switched on. Once this toggle is switched on, after 90 minutes of inactivity, it will force the user to log out and sign back in to continue working on the board.
The problem:
The “Session Idle Timeout” rule was automatically imposed on my whole account. I was logged out every 90 minutes from all boards, including my own ones.
I could only “escape” from these “invasive security settings" and eliminate that unwanted behavior by leaving my customer’s team that I have been invited to.
I see the benefits of a policy that enforces the stronger security settings also for external parties who are simply "non-team users" on a board owned by another account. I also see the problem, that you will (like in my case) end up with contradicting rules (auto-logout yes/no) and need to decide whos preferences to violate / ignore.
The solution could be some kind of differentiated login status: I for example would be fine to separately log in to my customer's board every time I access it. I simply do not want to do the same thing EVERY TIME ON MY OWN BOARDS, as this is very inconvenient. Even if I had the option to decide on that (which I do not, as this is only on Enterprise accounts), I would not activate it. Inheriting it for my own account from simply becoming associated with someone else's account who activated this setting should not be automatic.
Maybe you find a way to work this out...
