Session Timeout for VPN from OKTA - is this possible Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmmaqay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Abarna BalaramanAbarna Balaraman 

Session Timeout for VPN from OKTA - is this possible

Logging in via VPN involves MFA which is manged by OKTA. Under Security -> Policy->Legacy Policy we have a session timeout set as 2 hours. This means after 2 hours of Ideal session timeout we need to login to OKTA again or it is a session timeout for VPN to get disconnected.

Is it possible to manage timeout for VPN from OKTA. that is after few hours of Ideal VPN has to be disconnected - If yes, please explain. 
Gabriel SrokaGabriel Sroka (Okta, Inc.)
Hi Abarna
The Okta session is separate from the VPN session. I don't know of any way to control the VPN session from Okta -- you'd have to control it from the VPN side.
Abarna BalaramanAbarna Balaraman
Hi Gabriel,

Ok, Understood, but the factor lifetime is set to one day, is it anything to do with VPN.
Edward HollidayEdward Holliday (Okta, Inc.)
It IS connected with the "ragent.mfa.timeout.seconds" setting in the Radius config file ... see https://support.okta.com/help/answers?id=9062A000000bmWjQAI

If you use this setting then in this WAY the Okta Radius Agent sends a parameter with the Radiud NACK to TELL the VPN what the lifetime of the VPN session should be.....

without this the VPN session lifetime will just be whatever default the VPN developers choose

see Nouredine's answer here  https://support.okta.com/help/answers?id=9062A000000bmWjQAI