Session Timeout for AWS Integration Skip to main content
https://support.okta.com/help/answers?id=906f0000000i05miac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Alex SerebrenyAlex Serebreny 

Session Timeout for AWS Integration

We are constantly experiencing short (15min) session timeouts for the AWS integration. According to AWS support this is set via "DurationSeconds" parameter within the "AssumeRoleWithSAML" API call that Okta makes. Has anyone else had a similar issue and is there any way to change it?

Thanks!
Taylor HigleyTaylor Higley
We have this same issue.  It's annoying.
Rich MapesRich Mapes
it appears that's the default, as well as the maximum value of the credential lifetime when using the AssumeRoleWithSAML. Here a link that has more info, look for the heading Comparing the AWS STS APIs
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
Alex SerebrenyAlex Serebreny
According to that link it says the maximum AND default is 1 hour, unless I'm missing something?
User-added image
Daniel BrightDaniel Bright
In case anyone here wasn't aware, AWS just released an update to the session timeout settings for SAML logins, you can read about it here: http://blogs.aws.amazon.com/security/post/Tx3GL3IZE3FIGB6/Enable-Your-Federated-Users-to-Work-in-the-AWS-Management-Console-for-up-to-12-H. I'm going to be doing some testing with my setup to see if I can implement this with the current setup, but I think it would be great for Okta to jump on this and add it as an option.
Matthew KriegerMatthew Krieger
Seconding that. I would definitely like to see this as an option in AWS SAML application.
Steve GrevemeyerSteve Grevemeyer
I'm adding myself to the list of people wanting this.  I have some developer's ready to mutiny.
William KuangWilliam Kuang
+1 I would definitely like to see this as an option in AWS SAML application.
Jacob Thampi - AdminJacob Thampi - Admin
+1 here as well for including sessiontimeout in the AWS Okta App. 
Wesley KirklandWesley Kirkland
Agreed this is possible in ADFs, it needs to be in Okta as I hate logging in 8 times a day per account :(
Noah GayNoah Gay
We would like to see this in Okta as well.
Rocky ReyesRocky Reyes
We definitely need this. It's hard to sell developers on Okta when all it does is make their life miserable.
Has anyone submitted a feature request yet?
Joseph BrinleyJoseph Brinley
Also would like to see this
John FlanneryJohn Flannery
Would be incredibly helpful to have this.
Sohaib AjmalSohaib Ajmal
Okta added a feature to address this in late 2016, please search for "Session Duration" in the release notes for the 2016-46 release for instructions on how to set your AWS session duration: https://support.okta.com/help/Documentation/Knowledge_Article/Okta-Preview-Sandbox-Release-2016-46
Jake Van SchaikJake Van Schaik
@Sohaib - did you get this working for CLI use? or is this (as is hinted by the title of the aws blog post further up) only for Console access? Our devs are hating okta more and more each day thanks to the default and seemingly unchangeable 1 hour timeout.