Session timeouts in Google Workspace define how long a user can stay signed in to their apps before being automatically logged out. This feature, managed through the Admin console, enhances security by requiring users to reauthenticate after a specified period, helping protect sensitive data and enforce compliance with organizational policies.
Controlling session timeouts in Google Workspace is crucial for maintaining security and user productivity. Through the Admin console, you can configure how long users can remain signed into their apps before being prompted to log in again. This ensures secure access while balancing usability, helping protect sensitive data and comply with organizational policies. Once a session expires, users must reauthenticate to initiate a new one, enhancing overall security protocols.
The default length of the Google Workspace web session is 14 days. However, the function of this setting on mobile devices differs according to the app and device. As for Google Workspace Admin, the default session length is one hour.
Setting the session length for Google Workspace apps applies only to the following editions:
1. Choose the target Organizational Unit
Note: To apply it to all users, select the top organizational unit. Initially, an organization inherits the settings of its parent organization.
This screenshot illustrates the organizational unit structure in Google Workspace Admin Console, with the parent organizational unit (OU) highlighted in red and the sub-organization unit highlighted in yellow.
2. For Session control, under Web session duration, choose the length of time after which the user has to sign in again.
3. Click Override to keep the setting the same, even if the parent setting changes.
4. If the organizational unit's status is already Overridden, choose an option:some text
It shows the Google Session control settings page in the Google Workspace Admin Console, where administrators can configure session duration and customize session timeouts for different organizational units.
On Android or iOS devices, session lengths for native mobile apps like Gmail or Google Calendar are not applicable for change as they never expire unless there’s a trigger for re-authentication. Session length is also not implemented on OAuth-authenticated apps or Chrome browsers; it is only applicable when the user is not signed in.
There are things to consider when setting up session length for Google Workspace if you’re using a third-party provider (IDP) like Okta, Ping, or ADFS. For the session length set in Google Workspace to work as intended, the session length parameter configured in the IdP should expire first before the Google session timeouts. By doing so, your users will be prompted to sign in again to resume the Google session.
Active sessions are not impacted right away by the session length changes. It will be applied once the user logs out or the previously set session length expires. To enforce it on active sessions, it is advisable to reset the user’s sign-in cookies. By doing so, it will log out of all active sessions, including native apps on mobile devices such as Gmail.
4. Under the Security tab, find Sign in cookies> click Reset and Done to apply the changes.
This screenshot displays the "Sign in cookies" option in the Google Workspace Admin console, with the "Reset" option highlighted for clearing user sign-in cookies and enforcing session timeout changes.
Setting custom session lengths for Google Workspace depends on the company's preference. If you want your users to have a seamless and convenient experience using their account, you can set a longer session timeout or opt for their session never to expire. But if your goal is to limit the account access, then setting up a shorter session timeout is best.
It will only work in other mobile browsers such as Safari or Mozilla Firefox. The only time the changes in session length will be applied to the Chrome browser is when the user is not signed in.
No, it is not applied to native Google Workspace apps such as Gmail. However, the login session will timeout when the user’s password is reset or reset sign-in cookies are applied to the user.
No, the 14-day default session length is applied to users only. Google Workspace Admin has a default session length of one hour.
No, you can only adjust the session length based on the predefined options. Refer to Available session length options
Yes, add the users for whom you want to have a shorter session length in different organizational units. See: Customize Google Workspace Session Timeout on the selected Organizational Unit
Check that the IdP session length is shorter than the session length set in Google Workspace. Otherwise, the Google session will just automatically renew if the third-party IDP session is still valid. See: Session Timeouts for SAML-Based Authentication
Refer to your third-party identity provider (IdP) documentation for steps on how to check or set the IdP session length, as steps vary between each provider.
