It means that the session will end in 4 hours and require the user to need to re-authenticate to Okta to log back in again. But the user does not have to be interactive with the browser to maintain the session.
I want to force my users to reauthenticate via their MFA every X hours. It seems that as long as they are active within the Okta portal, their session stays alive and never ends. Any idea how to force reauthentication via MFA?
I too would like clarification on specifically what actions keep a session active. In a scenario where the Okta session is 2 hours but an app in Okta has a 1 hour session, will the process of reauthenticating to that app via Okta start the Okta session time counter over again?