Can Okta support SessionNotOnOrAfter for custom SAML applications? Skip to main content
https://support.okta.com/help/answers?id=9062a000000quoaqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Keith RegisterKeith Register 

Can Okta support SessionNotOnOrAfter for custom SAML applications?

SessionNotOnOrAfter [Optional] Specifies a time instant at which the session between the principal identified by the subject and the SAML authority issuing this statement MUST be considered ended. The time value is encoded in UTC, as described in Section 1.3.3. There is no required relationship between this attribute and a NotOnOrAfter condition attribute that may be present in the assertion.

Per http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf 
Page 27

This seems like something that we should be able to do for custom applications. Is this on a roadmap?
Andy GastonAndy Gaston (Okta, Inc.)
Hey Keith, I hope you are doing well today.
I actually see an existing Feature Request for this ability on the Ideas Forum:
https://support.okta.com/help/ideas/viewIdea.apexp?id=087F0000000M1ZM

So this idea is currently being investigated as to if it is possible to add support for this Feature.

Thanks for posting!