Single Sign-On Time Limits
This table contains the time limits configured for CERN Single Sign-On sessions. If nothing is specified, the time limit applies to all login methods (including second factor authentication) and all accounts (including CERN, externals and applications).
| Type | Time limit |
|---|---|
| Session idle | 10 hours |
| Session max | 12 hours |
| Offline session idle | 30 days |
| Access token validity | 20 minutes |
| Access token validity for implicit flow | 15 minutes |
| Client login timeout | 1 minute |
| User login timeout | 30 minutes |
| Second factor initialization timeout | 10 minutes |
| Password reset link validity for guest accounts | 10 minutes |