Okta deployed a security enhancement that changes the Admin Console session lifetime. By default, the Admin Console session lifetime is 12 hours and the session idle time is 15 minutes; re-authentication is required once the idle time expires. Administrators can adjust the maximum session lifetime and idle time settings directly within the Okta Admin Console.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Admin Console
- Global Sessions
Review the following video for details regarding the Okta Admin Console session lifetime and session idle time settings.
What is the Okta Admin Console session lifetime security enhancement?
Starting on January 4, 2024, for preview organizations and January 8, 2024, for production organizations, the default setting for the Admin Console session lifetime is 12 hours, and the default session idle time is 15 minutes. Re-authentication is required after the idle period expires. These are the settings recommended by the National Institute of Standards and Technology (NIST), and they align Okta with NIST Authenticator Assurance Level 3 (AAL3).
NOTE: This enhancement does not impact end users using Okta to authenticate.
This is a permanent security enhancement, and administrators should incorporate it into normal processes. If this causes disruptions in the organization, contact Okta Support.
What are the steps to adjust the Okta Admin Console session settings?
Navigate to the Okta Admin Console application settings to adjust the maximum application session lifetime and idle time.
- Go to Applications > Applications > Okta Admin Console > Sign On > Okta Admin Console Session.
- Select a maximum app session lifetime between 1 minute and 24 hours.
- Select a maximum app session idle time between 1 minute and 2 hours.
