3.9.9 Sessions
The Sessions settings in ZTrust allow administrators to configure session durations, idle timeouts, and login limits. These configurations control how long users, clients, and offline sessions remain active or idle before expiration. Proper session management enhances both security and user experience.

SSO Session Idle
Description - The duration of inactivity before an SSO session expires. Tokens and browser sessions are invalidated when the session expires.
Default Behavior - Resets automatically upon authentication or token refresh.
Duration Unit - Minutes / Hours / Days

SSO Session Max
Description - The maximum duration an SSO session can remain active, regardless of user activity. Once exceeded, both tokens and sessions are invalidated.
Default Behavior - If exceeded, users must re-authenticate.
Duration Unit - Minutes / Hours / Days

SSO Session Idle Remember Me
Description - Defines the idle timeout for Remember Me sessions. If unset, the standard SSO Session Idle value applies.
Default Behavior - Defaults to SSO Session Idle if not configured.
Duration Unit - Minutes / Hours / Days

SSO Session Max Remember Me
Description - Sets the maximum duration for a Remember Me session before expiration.
Default Behavior - Defaults to SSO Session Max if not configured.
Duration Unit - Minutes / Hours / Days

Client Sessions
Client sessions control how long application-specific sessions remain active.
Description - Duration a client session can remain idle before expiration. Tokens are invalidated once expired.
Default Behavior - Defaults to SSO Session Idle if not set.
Duration Unit - Minutes / Hours / Days

Client Session Max
Description - Maximum duration a client session can remain active, regardless of activity. Tokens are invalidated once expired.
Default Behavior - Defaults to SSO Session Max if not set.
Duration Unit - Minutes / Hours / Days

This refers to the maximum duration for which a Client Session remains active before expiration.
Tokens are invalidated once the session expires.
If not set, it defaults to the standard SSO Session Max value.
You can adjust the values and select the duration unit from the dropdown menu as required.

Offline Session Idle
Description - The duration an offline session can remain idle before expiration. Offline tokens must be refreshed within this period to maintain validity.
Default Behavior - If not refreshed within the set duration, the session expires.
Duration Unit - Minutes / Hours / Days

Offline Session Max Limited
Description - A toggle setting:
• ON → Enables the Offline Session Max duration limit.
• OFF → Offline sessions expire only due to inactivity.
Default Behavior - Disabled by default
Duration Unit - N/A

Offline Session Max
Description - The maximum duration an offline session remains active, regardless of user activity.
Default Behavior - Requires Offline Session Max Limited to be enabled.
Duration Unit - Minutes / Hours / Days

You can customize this duration and select the unit (Minutes, Hours, or Days) from the dropdown menu as per your requirements.
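
The fallback rules described above (Remember Me and client values defaulting to the SSO values, Offline Session Max applying only when Offline Session Max Limited is ON), worked through as an added example that is not part of ZTrust. The dictionary keys, the use of None for "not set", and the sample durations are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample settings; key names are hypothetical, None means "not set".
SAMPLE = {
    "sso_idle": timedelta(minutes=30),
    "sso_max": timedelta(hours=10),
    "sso_idle_remember_me": None,            # falls back to sso_idle
    "sso_max_remember_me": timedelta(days=7),
    "client_idle": None,                     # falls back to sso_idle
    "client_max": timedelta(hours=1),
    "offline_idle": timedelta(days=30),
    "offline_max_limited": False,            # toggle is OFF by default
    "offline_max": timedelta(days=60),
}

def effective(settings, kind, remember_me=False):
    """Return (idle, max) for kind 'sso', 'client' or 'offline' after fallbacks.
    max is None when no absolute limit applies. A zero duration counts as unset."""
    sso_idle, sso_max = settings["sso_idle"], settings["sso_max"]
    if kind == "sso":
        if remember_me:
            return (settings["sso_idle_remember_me"] or sso_idle,
                    settings["sso_max_remember_me"] or sso_max)
        return sso_idle, sso_max
    if kind == "client":
        return (settings["client_idle"] or sso_idle,
                settings["client_max"] or sso_max)
    if kind == "offline":
        # Offline Session Max is honoured only when Offline Session Max Limited is ON.
        limit = settings["offline_max"] if settings["offline_max_limited"] else None
        return settings["offline_idle"], limit
    raise ValueError(f"unknown session kind: {kind}")

def expires_at(started, last_activity, idle, max_):
    """A session ends at the earlier of its idle deadline and its absolute deadline."""
    idle_deadline = last_activity + idle
    if max_ is None:
        return idle_deadline
    return min(idle_deadline, started + max_)

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed session start time
    for kind in ("sso", "client", "offline"):
        idle, max_ = effective(SAMPLE, kind)
        print(kind, expires_at(t0, t0 + timedelta(minutes=50), idle, max_))
```

With the toggle OFF, an offline session that keeps being refreshed never reaches an absolute deadline, which is the case to review when deciding whether to enable Offline Session Max Limited.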

Login Timeout
Description - Maximum time allowed for a user to complete the login process. If exceeded, users must restart authentication.
Default Behavior - Recommended: 30 minutes
Duration Unit - Minutes / Hours / Days

Login Action Timeout
Description - Maximum duration users have to complete login-related actions, such as updating passwords or configuring TOTP.
Default Behavior - Recommended: 5 minutes or more
Duration Unit - Minutes / Hours / Days

Save and Revert
Save → Click Save to apply the updated session configurations.
Revert → Click Revert to discard any unsaved changes.