Session timeout
Note: The session timeout option of this page does not apply to traffic from an I Series appliance. For information on configuring session timeout for appliances, see Adding or editing appliance
information.
Users’ credentials for single sign-on and secure form-based authentication are not sent every browser session. However, the credentials must be revalidated periodically for security reasons, and you define the time period for that revalidation under Session timeout. The options are 1 day, 7 days, 14 days, 30 days, 3 months, 6 months, or 12 months.
Once the selected period has elapsed after a user’s credentials were last validated, the user is either re-authenticated transparently through your identity provider, or asked to supply their logon credentials again for form-based authentication.