NOTE: These web.config settings are not present by default after CRM install; they must be manually added. These are only applicable when using WebShell and Custom Authentication (all other IIS authentication methods disabled).  These settings are not applicable if CRM (bbAppFx) IIS virtual directory is set to Windows Authentication and this is explained below.  The MAX value for BrowserUserInactivityTimeoutInSeconds_SystemAdmin is 900 seconds or 15 minutes.  

  1. Find the web.config file located in the bbAppFx/vroot folder
  2. Add the following highlighted lines inside the appSettings element:

<add key="BrowserUserInactivityTimeoutInSeconds" value="1800" />
<add key="BrowserUserInactivityTimeoutInSeconds_SystemAdmin" value="900" />

Conditions when using Windows Authentication:
- When IIS is set to Windows Authentication on the CRM (bbAppFx) virtual directory, the timeout settings above DO NOT work.  When users access the CRM URL while on the domain, they are immediately logged into CRM and not prompted for authentication.  There is no user login challenge.  Programmatically, we are unable to time-out a user under these conditions because if they timed out the CRM session, the browser they are inside of would vouch for the user and take them right back into CRM without asking for credentials. Therefore, with Windows authentication CRM timeout settings do not apply.

- If IIS Windows authentication is used, the users would need to be logged off their machines using Active Directory & Group Policy Objects forcing the user to log back into their machines after 15 minutes of inactivity, for example.