<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5KZ00001WYLrW0AXOkta Classic EngineAdministrationAnswered2025-10-31T15:03:11.000Z2025-10-27T09:18:02.000Z2025-10-31T15:03:11.000Z

JINL.05988 (Customer) asked a question.

October 27, 2025 at 9:18 AM
Clarification on Session Duration for AWS WorkSpaces SAML Integration (Okta Beginner)

Hello Okta Community,

I am relatively new to Okta and we have successfully set up SAML 2.0 integration between Okta and AWS WorkSpaces using the Okta AWS Account Federation application.

We are currently confused about which setting controls the duration of the WorkSpaces user session and how to ensure our users get a full 8-10 hour session without interruption due to SAML token expiration.

 

The Configuration Question

In the Okta application settings, I see the following options related to session duration:

  1. I found the attribute https://aws.amazon.com/SAML/Attributes/SessionDuration.
  • Our current value is set to Basic.
  • Question A: Is the value 36000 (10 hours) the correct way to set this attribute to enforce a longer session? What exactly does the Basic value mean in this context?

 

  1. I found the attribute "Maximum app session lifetime".
  • Question B: Does this policy control the AWS WorkSpaces session duration, or does it only control how long the user stays logged into the Okta browser session before re-authentication is needed?

 

My Goal

I need to ensure our WorkSpaces users can stay connected for a full 8-10 hour workday without being forced to re-authenticate or experiencing an abrupt session timeout due to the SAML token expiring.

 

Thank you in advance for your help!

  • 1 answer
  • 96 views

  • Paul S. (Okta, Inc.)

    Hello @JINL.05988 (Customer)​ Thank you for posting on our Community page!

     

    For question A: Yes, the value is setup in seconds so 36000 will mean 10 hours. By default this is setup to for a user to have a 1h session.

    For question B: By default, Okta does not control the application session. It can only initiate it, and the application decides how long it will be valid. Optionally, the 

    SessionNotOnOrAfter

     attribute can be sent to the Service Provider (SP) to specify the expiration time of a session. The SP uses this attribute to manage session validity, and it is up to the SP to terminate the session. 

     

    As stated in our doc here: https://support.okta.com/help/s/article/maximum-app-session-lifetime-saml-application-sessionnotonor?language=en_US

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • Paul S. (Okta, Inc.)

    Hello @JINL.05988 (Customer)​ Thank you for posting on our Community page!

     

    For question A: Yes, the value is setup in seconds so 36000 will mean 10 hours. By default this is setup to for a user to have a 1h session.

    For question B: By default, Okta does not control the application session. It can only initiate it, and the application decides how long it will be valid. Optionally, the 

    SessionNotOnOrAfter

     attribute can be sent to the Service Provider (SP) to specify the expiration time of a session. The SP uses this attribute to manage session validity, and it is up to the SP to terminate the session. 

     

    As stated in our doc here: https://support.okta.com/help/s/article/maximum-app-session-lifetime-saml-application-sessionnotonor?language=en_US

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best
This question is closed.
Loading
Clarification on Session Duration for AWS WorkSpaces SAML Integration (Okta Beginner)