Session timeout
Users’ credentials for single sign-on and secure form-based authentication are not sent every browser session. However, the credentials must be revalidated periodically for security reasons, and you define the time period for that revalidation under Session timeout. The options are 1 day, 7 days, 14 days, 30 days, 3 months, 6 months, or 12 months.
Once the selected period has elapsed after a user’s credentials were last validated, the user is either re-authenticated transparently through your identity provider, or asked to supply their logon credentials again for form-based authentication.