G Suite Session Timeout – Control session timeout in G Suite

G Suite Session Timeout

  • Let me guess, you are here because you are concerned about default G Suite session timeout of 14 days, and want to rather control it being a G Suite Administrator.
  • Congratulations, Google just rolled it out and now allows you to control session timeout in G Suite, watch the video to see how it works.
G Suite Session Timeout
Play Video

01. Understanding Session

  • When we login to gmail or other G Suite service, there is a relationship created between your browser and Google server.
  • But there might be thousands of users communicating with Google servers at the same time, so how would Google server uniquely identifies us?
  • It places a cookie in our browser, which is then referenced to uniquely identify us to maintain the session

02. Default Session
Length in G Suite

  • By default, G Suite automatic session timeout for end users is 14 days , and businesses have been requesting Google to provide control on session length.
  • Google finally launched this feature which allows G Suite Admins to control Google Apps Session Timeout .

03. Configure Session Timeout

  • As now we have understanding of what session is, and we also know about G Suite's default session, let us configure it.​
  • As this is admin level setting, we will first need to first login to G Suite Admin Console

04. Access Security Settings

  • Once you are in Admin console, click on the "Security" icon to go for security settings.
  • You can also search for security in the top search bar.

05. Google session control

  • When you go in security settings and scroll down a bit, you will see a new feature called "Google Session Control" - set session duration of Google services .
  • Click on it to select the session length that you want to define for your G Suite users.

06. Making Session Timeout Policy?

  • You can either apply the session length to all of your users by selecting the parent organizational unit.
  • If you want to apply it on a subset of users, or want to enforce different session length on different set of users, then apply it based on the organizational units (e.g select the required OU and then apply session policy).

7. FAQ

Most frequent questions and answers about G Suite Session Timeout Control

No, when you change the session length in Google admin console (as shown above), then settings only apply to new sessions.

All users with an active sessions will “Not” be impacted by it, however once they “logout” OR “their 14 days default session expires”, then the new session length will be enforced.

Yes, workaround is to reset required user’s sign in cookies.

You can do that by following-;

  1. Search for the user in admin console
  2. Go to user’s account page
  3. Scroll down to see “Reset Sign In” cookies (as shown in the screenshot below)

Please note -: This will log the user out from all active sessions include the mobile app such as Gmail App on Android or iOS.

So be careful, I recall once I accidentally did it to our client’s CEO’s account and he had to login again to all his 6 devices, that was a tough day for me:).

Yes & No

Let me explain

As per Google’s documentation “Chrome Broswer” on Android and iOS works a bit different and these settings will NOT be applied on it, however other browsers such as  Mozilla Firefox are covered by this setting.

No, it does not apply on G Suite mobile apps (e.g Gmail or Drive app on Android and iOS).

So, let say, if you configure session to be 8 hours, users on mobile devices with native G Suite apps will “NOT” need to enter their password every 8 hours which is good else it’ll be a nightmare:).

 

Yes.

Though at the time of initial launch of session control, it was only supported where Google was acting as IDP,  but just after couple of weeks, Google enhanced its session control and now it applies on SAML based authentication too where Google isn’t acting as authentication provider.

So if you are using a third party IDP (e.g Okta, Ping Identity or ADFS), this setting will now apply to those G Suite sessions too.

No.

G Suite Admin session timeout is “One Hour”, and as its a persistent one, which means closing the browser won’t impact the session but one hour time would.

No.

So far following static options are available to control sessions-:

1 Hour

4 Hours

8 Hours

12 Hours

24 Hours

7 Days

14 Days

30 Days

Session Never Expires

 

Other G Suite Admin related posts you may like.

Facebook
Google+
Twitter
LinkedIn
Pinterest

2 thoughts on “G Suite Session Timeout – Control session timeout in G Suite”

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.