Google Workspace Session Timeout
- Let me guess, you are here because you are concerned about default Google Workspace session timeout of 14 days, and want to rather control it being a Google Workspace Administrator.
- Congratulations, Google just rolled it out and now allows you to control session timeout in Google Workspace, watch the video to see how it works.
01. Understanding Session
- When we login to gmail or other Google Workspace service, there is a relationship created between your browser and Google server.
- But there might be thousands of users communicating with Google servers at the same time, so how would Google server uniquely identifies us?
- It places a cookie in our browser, which is then referenced to uniquely identify us to maintain the session
02. Default Session
Length in Google Workspace
- By default, Google Workspace automatic session timeout for end users is 14 days , and businesses have been requesting Google to provide control on session length.
- Google finally launched this feature which allows Google Workspace Admins to control Google Apps Session Timeout .
03. Configure Session Timeout
- As now we have understanding of what session is, and we also know about Google Workspace's default session, let us configure it.
- As this is admin level setting, we will first need to first login to Google Workspace Admin Console
04. Access Security Settings
- Once you are in Admin console, click on the "Security" icon to go for security settings.
- You can also search for security in the top search bar.
05. Google session control
- When you go in security settings and scroll down a bit, you will see a new feature called "Google Session Control" - set session duration of Google services .
- Click on it to select the session length that you want to define for your Google Workspace users.
06. Making Session Timeout Policy?
- You can either apply the session length to all of your users by selecting the parent organizational unit.
- If you want to apply it on a subset of users, or want to enforce different session length on different set of users, then apply it based on the organizational units (e.g select the required OU and then apply session policy).
7. FAQ
Most frequent questions and answers about Google Workspace Session Timeout Control
No, when you change the session length in Google admin console (as shown above), then settings only apply to new sessions.
All users with an active sessions will “Not” be impacted by it, however once they “logout” OR “their 14 days default session expires”, then the new session length will be enforced.
Yes, workaround is to reset required user’s sign in cookies.
You can do that by following-;
- Search for the user in admin console
- Go to user’s account page
- Scroll down to see “Reset Sign In” cookies (as shown in the screenshot below)
Please note -: This will log the user out from all active sessions include the mobile app such as Gmail App on Android or iOS.
So be careful, I recall once I accidentally did it to our client’s CEO’s account and he had to login again to all his 6 devices, that was a tough day for me:).
Yes & No
Let me explain
As per Google’s documentation “Chrome Broswer” on Android and iOS works a bit different and these settings will NOT be applied on it, however other browsers such as Mozilla Firefox are covered by this setting.
No, it does not apply on Google Workspace mobile apps (e.g Gmail or Drive app on Android and iOS).
So, let say, if you configure session to be 8 hours, users on mobile devices with native Google Workspace apps will “NOT” need to enter their password every 8 hours which is good else it’ll be a nightmare:).
Yes.
Though at the time of initial launch of session control, it was only supported where Google was acting as IDP, but just after couple of weeks, Google enhanced its session control and now it applies on SAML based authentication too where Google isn’t acting as authentication provider.
So if you are using a third party IDP (e.g Okta, Ping Identity or ADFS), this setting will now apply to those Google Workspace sessions too.
No.
Google Workspace Admin session timeout is “One Hour”, and as its a persistent one, which means closing the browser won’t impact the session but one hour time would.
No.
So far following static options are available to control sessions-:
1 Hour
4 Hours
8 Hours
12 Hours
24 Hours
7 Days
14 Days
30 Days
Session Never Expires
Other Google Workspace Admin related posts you may like.
Why Google Cloud Identity?
Why Google Cloud Identity? Hey, fellow Google Admins, this is
Selective Email Forwarding in Google Workspace
what if you want to enable forwarding in Gmail, but based on certain conditions like my users can forward emails internally, but not outside the company?
This is what we’ll configure in this video by leveraging conditional email routing in Google Workspace.
Restrict Google Meet users from changing background in meet calls
Watch the video above to understand how you can control
6 thoughts on “Google Workspace Session Timeout – Control session timeout in Google Workspace”
Is it possible to implement session control in gsuite basic edition ?
If yes please let me know how
No, this feature is only available in business and enterprise sku.
Hi ..
for SSO the length is the session or 14 days ,which one is longer Or it always will be the g suite session length?
If you are leveraging any third party as Identity provider, then you should set IdP session length parameter to expire before Google’s default 14 days (or custom) session to have your IdP’s session takes precedence.
i was very less familiar with G-suit. but got a lot to learn form your post.
Glad you found it helpful.