About session expiration
You can specify the number of minutes after which any inactive session expires. The default setting is 30 minutes. When the expiration time elapses, any inactive session expires and the system logs out the user.
You can override this realm-wide setting for specific users. Just enable Override realm session expiration time located under the Authentication tab of their account details. Override realm session expiration time is disabled by default. You might want to enable it, for example, if you or another administrator needs to troubleshoot the system and the realm-wide session expiration time would interfere.
Additionally, active user sessions will expire and require reauthentication under these circumstances:
• The realm administrator changes the user’s password or username.
• The user changes their password.
• The realm administrator changes the user's two-factor authentication setting. When two-factor authentication is enabled, the user will be logged out when their mobile phone number changes.
When a realm administrator changes two-factor authentication at the realm level, all active sessions of those users who have two-factor authentication set to use realm settings will be logged out.
• The realm administrator changes the role’s properties.
• A session is inactive for 30 minutes, by default, or when a session exceeds the active session timeout period set by the realm administrator.
The realm administrator can override the realm setting to keep a user logged in using the Override realm session expiration time setting on the user’s Authentication tab. This can be useful when troubleshooting user accounts.
• The user logged in a second time. A user can’t log in to more than one active session. The second login that creates a new session for a user that already has an active session invalidates the first active session. The user is logged out of the first session.