Skip to content

Configuring IdentityNow Session Lengths

Session management details enforce browser-level security for your IdentityNow site. By default, IdentityNow is configured with these settings:

  • Maximum Session Length: 12 hours, and sessions end when the user closes the window
  • Idle Session Expiration: 15 minutes

You can edit these values for your organization's requirements. Changes are applied when users sign out and sign back in. They are not applied to active sessions.

To update the maximum session length or the idle expiration:

  1. Go to Admin > Global > Security Settings > Session Management.

  2. For Maximum Session Length, specify the maximum length of time a user's session can remain active.

    The maximum time allowed is 7 days.

  3. Use the End the session when the browser is closed checkbox to define whether closing the browser automatically terminates the user's session.

    • If this option is not selected, users will be able to access IdentityNow without reauthenticating as long as the session is valid.

    • If this checkbox is selected, users will be signed out on closing the browser window. Additionally, the Remember Me checkbox on the sign-in page disappears, so that users are always required to enter their usernames before authenticating into the SaaS Platform.


    This option is not enforced when users sign in with a browser configured to retain session cookies, such as with the Chrome "Continue where you left off" startup option. Those users, including strongly-authenticated admins, can resume their session upon reopening the tab or browser.

  4. Under Idle Session Expiration, specify the length of time a user's browser session can remain idle before they are automatically signed out of SailPoint's SaaS platform.


    • Any interaction with the page, including moving the mouse over the browser window, is treated as activity that resets the idle timeout clock.
    • Sessions could extend for up to 15 minutes longer than the specified idle session expiration duration while the authentication token expires.