After issuing an authn call such as https://companyName.oktapreview.com/api/v1/authn we get a session token that has an expiresAt attribute value. How can an administrator control the expiration interval? It seems to be set at 4 hours, but how can it be controlled?
It's all to do with Okta Sign-On policies. In the admin console, if you select Security, Policies and select the Sign-On tab, you can set different sign-on requirements for different types of users.
Within each policy, you can have different rules, and in each rule you can assign different timeout values. By clicking the pencil on, say, the Admin rule, you will be presented with a page where, for the MFA or the Session, you can associate different values, from mins and hours to even days.
This is strange. Have you tried viewing them in the browser against the question that you raised, or just in the email that got returned? I have also just sent an email with the images attached to help (hopefully).