SSO token expiration

View Only

Back to discussions

Expand all | Collapse all

Jump to Best Answer

1. SSO token expiration

Like
Mihai Vasiloiu

Partner
Posted yesterday

Reply Reply Privately
Hello all,

when logging-in in Genesys using SSO we can see the lifetime of the token is set to 8 days. This means the agents only have to relogin every 8 days. Is there a way to reduce this timeout? We would like to force agents to re-login every 12 hours.

we don't want to activate the inactivity timeout in Genesys since this would affect the wallboards also which do not use SSO.

Regards,

Mihai

#System/PlatformAdministration

------------------------------
Mihai Vasiloiu
Tech Lead Customer Interactions
------------------------------
2. RE: SSO token expiration
Best Answer

Like
Cameron Tomlin

Genesys
Posted yesterday

Reply Reply Privately
Hello Mihai,

What you're seeing is expected behavior. The 8-day SSO session lifetime in Genesys Cloud isn't something you can directly change within the platform. Once Genesys validates the SAML response from your identity provider, it manages the session internally, and that default duration is fixed. It's also worth noting that the token settings you might see in Genesys (like the 5-minute to 2-day range) only apply to OAuth and API tokens, not SSO logins, so they won't help here.

The best place to look for more control is on your identity provider side, where you may be able to enforce shorter session durations or require more frequent re-authentication.

Hope this helps!

------------------------------
Cameron
Online Community Manager/Moderator
------------------------------

Original Message
3. RE: SSO token expiration

Like
Cesar Padilla

Community Rockstar
Posted 9 hours ago

Reply Reply Privately
Hi Mihai,

Just to reinforce Cameron's answer - this is a platform limitation in Genesys Cloud.

The 8‑day SSO session lifetime is fixed and cannot be reduced from within Genesys. The inactivity timeout is the only native control on the Genesys side, but as you mentioned, it impacts non-SSO use cases like wallboards, so it's not always suitable.

If you need agents to re-authenticate every 12 hours, the only practical control point is the Identity Provider (IdP):

Enforce shorter SAML session duration

Require re-authentication on session renewal

Disable persistent sessions / "remember me" features

Genesys will honor a forced re-authentication from the IdP even if its internal session is still valid.

So in short:
✅ Not configurable in Genesys
✅ Must be enforced at the IdP level

------------------------------
Cesar Padilla
INDRA COLOMBIA
------------------------------

Original Message

Genesys Cloud - Main

SSO token expiration

Mihai Vasiloiuyesterday

Cameron TomlinyesterdayBest Answer

Cesar Padilla9 hours ago

1. SSO token expiration

2. RE: SSO token expiration Best Answer

3. RE: SSO token expiration

Related Content

Addition of AuthorizedClientIDs SAML attribute for SSO integrations (Unauthorized Client IdP redirect)

SSO integrations management via SAML Metadata files

SAML attributes

Genesys automatic inactivity timeout not working with SSO

Can I use SAML to integrate PureCloud to my Identity Provider for Single Sign On?

2. RE: SSO token expiration
Best Answer