is it possible to base SAML session timeouts on user activity rather than a static time period? Skip to main content
https://support.okta.com/help/answers?id=9062a000000dfnjqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Greg HowleyGreg Howley 

is it possible to base SAML session timeouts on user activity rather than a static time period?

For example, AWS:  users need long session times during business hours, but sessions should close when not in use.  We set the timeout to 4 hours, but many users work on sessions all day and get kicked out.
Andy GastonAndy Gaston (Okta, Inc.)
Hey Greg,
In SAML, the Service Provider side is actually responsible for the Session's validity and the Session Lifespan. Okta as the IdP does not set this value. A slight exception to this, is as you pointed out in the AWS App integration, where we just pass the value for Session to the Service Provider (AWS in this case) via their API upon connection. AWS as the SP is still responsible for the Session and are in control of it's lifespan and validity.
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

​If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

​Dylann Fezeu
OHC Team