Administrators configure global session policy rules to adjust the maximum Okta global session lifetime and maximum Okta global session idle time for end users. Updating these values requires navigating to the specific policy in the Okta Admin Console and modifying the session limits.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Sign On Rules
• Global Session Policy

How are Okta global session lifetimes and idle times adjusted?

NOTE: The Admin Console session timeout is configured separately from the global user session timeout. To change the timeout, the Okta Admin Console session lifetime must be edited.

Follow these steps to adjust session settings in Okta Identity Engine (OIE):

1. Sign in to the Okta Admin Console.
2. Navigate to Security > Global Session Policy.
3. Select the rule that applies to users signing in.
4. Click the pencil icon next to the relevant rule.
5. Scroll down to the Okta global session management section.

6. Configure an Okta session lifetime for Maximum Okta global session lifetime by selecting one of the following options:
   • No time limit: Applies no time limit to Okta sessions. Okta still expires user sessions when reaching the idle time.
   • Set time limit (Recommended): Sets a time limit for Okta session lifetimes. Type a numerical value in the right field, then select a value from the drop-down menu (Days, Hours, Minutes).
     • NOTE: Maximum Okta global session lifetime functions appropriately only for low-risk, low-assurance use cases. Administrators must avoid using it with behavior conditions or risk conditions.
7. Configure the idle time passing before Okta automatically expires sessions for Maximum Okta global session idle time, regardless of the Maximum Okta global session lifetime. Type a numerical value in the right field, then select a value from the drop-down menu (Days, Hours, Minutes).
8. Click Update rule to save the changes.

Follow these steps to adjust session settings in Okta Classic Engine:

1. Sign in to the Okta Admin Console.
2. Navigate to Security > Authentication > Sign on.
3. Select the rule that applies to users signing in.
4. Click the pencil icon next to the relevant rule.
5. Scroll down to the Okta global session management section.

6. Configure an Okta session lifetime for Maximum Okta global session lifetime by selecting one of the following options:
   • No time limit: Applies no time limit to Okta sessions. Okta still expires user sessions when reaching the idle time.
   • Set time limit: Sets a time limit to Okta session lifetimes. Type a numerical value in the right field, then select a value from the drop-down menu (Days, Hours, Minutes).
7. Configure the idle time passing before Okta automatically expires sessions for Maximum Okta global session idle time, regardless of the maximum Okta session lifetime. Type a numerical value in the right field, then select a value from the drop-down menu (Days, Hours, Minutes).
8. Click Update rule to save the changes.

Related References

• Admin Session Lifetime/Idle Timeout Security Enhancements
• Configure an Okta sign-on policy (Okta Classic Engine)
• Add a global session policy rule (Okta Identity Engine)