After 15 minutes of inactivity, Sumac users may be prompted to re-enter their password to continue using Sumac. This must occur to make your use of Sumac comply with PCI-DSS. PCI-DSS is the standard set of rules for protecting payment information. All software which processes payments must meet this standard.

This time-out occurs for two types of Sumac users: Administrator users, and users who have permission to see Payments.

If you are an Admin user and find this password prompt inconvenient, here is a way you can avoid it. Create a second user account for yourself. Give this new account Administrator privileges, and log in with it only when you need to perform an activity in Sumac which requires admin permissions. Remove admin privileges from the account you use for day-to-day activities in Sumac.

If you are a Payment user, you are only prompted to re-enter your password when you try to access payments after 15 minutes of inactivity. This is unavoidable for compliance with security standards, and is less disruptive.