Skip to main content

Session Policies

Session Policies control the lifecycle of user sessions and global authentication requirements.

Global Session Settings

  • Session Timeout: How long a session remains active (idle timeout).
  • Absolute Timeout: Maximum duration of a session regardless of activity.
  • Persistence: Whether sessions persist across browser restarts (Remember Me).

Sign-on Rules

You can define global rules that apply to all applications:

  • "Require MFA for all admins."
  • "Deny access from Blacklisted IP Zones."
  • "Require re-authentication every 4 hours."