Is it possible to base SAML session timeouts on user activity rather than a static time period?
For example, AWS: users need long session times during business hours, but sessions should close when not in use. We set the timeout to 4 hours, but many users work on sessions all day and get kicked out.
Hey Greg, in SAML, the Service Provider side is actually responsible for the Session's validity and the Session Lifespan. Okta as the IdP does not set this value. A slight exception to this is, as you pointed out, in the AWS App integration, where we just pass the value for Session to the Service Provider (AWS in this case) via their API upon connection. AWS as the SP is still responsible for the Session and is in control of its lifespan and validity.
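
As an added illustration (not part of the thread, and not Okta or AWS code), this sketch shows how a generic SAML Service Provider that owns its own session could enforce an activity-based idle timeout, while treating the `SessionNotOnOrAfter` attribute of the assertion's `AuthnStatement` as a hard upper bound. `SPSession`, `session_hard_limit`, the 30-minute idle window and the sample XML are assumptions made for the example, and the assertion is assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: only the AuthnStatement fragment of an assertion.
SAMPLE_AUTHN = (
    '<saml:AuthnStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'AuthnInstant="2024-01-15T08:00:00Z" '
    'SessionNotOnOrAfter="2024-01-15T18:00:00Z"/>'
)

def parse_ts(value):
    """Parse a UTC SAML timestamp such as 2024-01-15T08:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def session_hard_limit(xml_text):
    """Return SessionNotOnOrAfter as a datetime, or None if the IdP sent none."""
    root = ET.fromstring(xml_text)
    for stmt in root.iter("{%s}AuthnStatement" % SAML_NS):
        value = stmt.get("SessionNotOnOrAfter")
        if value:
            return parse_ts(value)
    return None

class SPSession:
    """SP-side session (hypothetical): sliding idle timeout plus absolute cap."""

    def __init__(self, started, idle_timeout, hard_limit=None):
        self.last_activity = started
        self.idle_timeout = idle_timeout
        self.hard_limit = hard_limit

    def is_valid(self, now):
        # The absolute cap wins regardless of how active the user has been.
        if self.hard_limit is not None and now >= self.hard_limit:
            return False
        return now - self.last_activity < self.idle_timeout

    def touch(self, now):
        """Record user activity; an already expired session is never revived."""
        if not self.is_valid(now):
            return False
        self.last_activity = now
        return True

if __name__ == "__main__":
    start = parse_ts("2024-01-15T08:00:00Z")
    s = SPSession(start, timedelta(minutes=30), session_hard_limit(SAMPLE_AUTHN))
    print(s.touch(start + timedelta(minutes=20)), s.is_valid(start + timedelta(hours=2)))
```

Whether a given Service Provider offers this behaviour is up to that provider; the sketch only shows where such logic would have to live.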