Skip to content

Single Sign-On Time Limits

This table contains the time limits configured for CERN Single Sign-On sessions. If nothing is specified, the time limit applies to all login methods (including second factor authentication) and all accounts (including CERN, externals and applications).

Type Time limit
Session idle 10 hours
Session max 12 hours
Offline session idle 30 days
Access token validity 20 minutes
Access token validity for implicit flow 15 minutes
Client login timeout 1 minute
User login timeout 30 minutes
Second factor initialization timeout 10 minutes
Password reset link validity for guest accounts 10 minutes