Genesys Cloud - Main

 View Only

Sign Up

  • 1.  SSO token expiration

    Posted 04-15-2026 07:59

    Hello all,

     when logging-in in Genesys using SSO we can see the lifetime of the token is set to 8 days. This means the agents only have to relogin every 8 days. Is there a way to reduce this timeout? We would like to force agents to re-login every 12 hours. 

     we don't want to activate the inactivity timeout in Genesys since this would affect the wallboards also which do not use SSO.

    Regards,

    Mihai


    #System/PlatformAdministration

    ------------------------------
    Mihai Vasiloiu
    Tech Lead Customer Interactions
    ------------------------------


  • 2.  RE: SSO token expiration
    Best Answer

    Posted 04-15-2026 08:13

    Hello Mihai, 

    What you're seeing is expected behavior. The 8-day SSO session lifetime in Genesys Cloud isn't something you can directly change within the platform. Once Genesys validates the SAML response from your identity provider, it manages the session internally, and that default duration is fixed. It's also worth noting that the token settings you might see in Genesys (like the 5-minute to 2-day range) only apply to OAuth and API tokens, not SSO logins, so they won't help here.

    The best place to look for more control is on your identity provider side, where you may be able to enforce shorter session durations or require more frequent re-authentication.

    Hope this helps!



    ------------------------------
    Cameron
    Online Community Manager/Moderator
    ------------------------------



  • 3.  RE: SSO token expiration

    Posted 04-16-2026 08:11

    Hi Mihai,

    Just to reinforce Cameron's answer - this is a platform limitation in Genesys Cloud.

    The 8‑day SSO session lifetime is fixed and cannot be reduced from within Genesys. The inactivity timeout is the only native control on the Genesys side, but as you mentioned, it impacts non-SSO use cases like wallboards, so it's not always suitable.

    If you need agents to re-authenticate every 12 hours, the only practical control point is the Identity Provider (IdP):

    • Enforce shorter SAML session duration
    • Require re-authentication on session renewal
    • Disable persistent sessions / "remember me" features

    Genesys will honor a forced re-authentication from the IdP even if its internal session is still valid.

    So in short:
    ✅ Not configurable in Genesys
    ✅ Must be enforced at the IdP level



    ------------------------------
    Cesar Padilla
    INDRA COLOMBIA
    ------------------------------



Related Content