G Suite Session Timeout
- Let me guess, you are here because you are concerned about default G Suite session timeout of 14 days, and want to rather control it being a G Suite Administrator.
- Congratulations, Google just rolled it out and now allows you to control session timeout in G Suite, watch the video to see how it works.
01. Understanding Session
- When we login to gmail or other G Suite service, there is a relationship created between your browser and Google server.
- But there might be thousands of users communicating with Google servers at the same time, so how would Google server uniquely identifies us?
- It places a cookie in our browser, which is then referenced to uniquely identify us to maintain the session
02. Default Session
Length in G Suite
- By default, G Suite automatic session timeout for end users is 14 days , and businesses have been requesting Google to provide control on session length.
- Google finally launched this feature which allows G Suite Admins to control Google Apps Session Timeout .
03. Configure Session Timeout
- As now we have understanding of what session is, and we also know about G Suite's default session, let us configure it.
- As this is admin level setting, we will first need to first login to G Suite Admin Console
04. Access Security Settings
- Once you are in Admin console, click on the "Security" icon to go for security settings.
- You can also search for security in the top search bar.
05. Google session control
- When you go in security settings and scroll down a bit, you will see a new feature called "Google Session Control" - set session duration of Google services .
- Click on it to select the session length that you want to define for your G Suite users.
06. Making Session Timeout Policy?
- You can either apply the session length to all of your users by selecting the parent organizational unit.
- If you want to apply it on a subset of users, or want to enforce different session length on different set of users, then apply it based on the organizational units (e.g select the required OU and then apply session policy).
7. FAQ
Most frequent questions and answers about G Suite Session Timeout Control
No, when you change the session length in Google admin console (as shown above), then settings only apply to new sessions.
All users with an active sessions will “Not” be impacted by it, however once they “logout” OR “their 14 days default session expires”, then the new session length will be enforced.
Yes, workaround is to reset required user’s sign in cookies.
You can do that by following-;
- Search for the user in admin console
- Go to user’s account page
- Scroll down to see “Reset Sign In” cookies (as shown in the screenshot below)
Please note -: This will log the user out from all active sessions include the mobile app such as Gmail App on Android or iOS.
So be careful, I recall once I accidentally did it to our client’s CEO’s account and he had to login again to all his 6 devices, that was a tough day for me:).
Yes & No
Let me explain
As per Google’s documentation “Chrome Broswer” on Android and iOS works a bit different and these settings will NOT be applied on it, however other browsers such as Mozilla Firefox are covered by this setting.
No, it does not apply on G Suite mobile apps (e.g Gmail or Drive app on Android and iOS).
So, let say, if you configure session to be 8 hours, users on mobile devices with native G Suite apps will “NOT” need to enter their password every 8 hours which is good else it’ll be a nightmare:).
Yes.
Though at the time of initial launch of session control, it was only supported where Google was acting as IDP, but just after couple of weeks, Google enhanced its session control and now it applies on SAML based authentication too where Google isn’t acting as authentication provider.
So if you are using a third party IDP (e.g Okta, Ping Identity or ADFS), this setting will now apply to those G Suite sessions too.
No.
G Suite Admin session timeout is “One Hour”, and as its a persistent one, which means closing the browser won’t impact the session but one hour time would.
No.
So far following static options are available to control sessions-:
1 Hour
4 Hours
8 Hours
12 Hours
24 Hours
7 Days
14 Days
30 Days
Session Never Expires
Other G Suite Admin related posts you may like.
The Definitive G Suite Admin guide to Manage Windows Devices
AN ADMIN GUIDE TO MANAGE WINDOWS DEVICES VIA GOOGLE Google
G Suite to G Suite SSO – Setup federation between two Google tenants
There might be use cases where you would like your Office 365 users to authenticate via their G Suite or Google Cloud Identity accounts.
Google Cloud Identity is very flexible and it can be used as “Service Provider”, Identity provider or even both.
In this blog post, I would show you how you can use Google Cloud Identity (or G Suite) as identity provider and authenticate securely to Office 365 via SAML 2.0 (or WS-Fed).
Google Meet Attendance Reporter – Self Service Solution
If you use G Suite (or G Suite Essentials), you might be leveraging Google Meet to organize your video meetings (and live streaming if you are on G Suite Enterprise plan).
If your meeting had more than a few attendees, you might want to know who attended your Google Meeting (or live steam) and for how long.
Though Google Meet records attendance but this information is provided in Google Admin Console, and one needs G Suite Admin access to see it, which is not scalable as you don’t want to give G Suite admin access to all your users.
So I thought to create a self service solution where your G Suite users (without admin access) can simply fill up a Google Form, and instantly get their Google Meet attendance report.
6 thoughts on “G Suite Session Timeout – Control session timeout in G Suite”
Is it possible to implement session control in gsuite basic edition ?
If yes please let me know how
No, this feature is only available in business and enterprise sku.
Hi ..
for SSO the length is the session or 14 days ,which one is longer Or it always will be the g suite session length?
If you are leveraging any third party as Identity provider, then you should set IdP session length parameter to expire before Google’s default 14 days (or custom) session to have your IdP’s session takes precedence.
i was very less familiar with G-suit. but got a lot to learn form your post.
Glad you found it helpful.