Override SSO Session Settings at user level

jmcrthrs · January 13, 2026, 3:28pm

It is possible to override the SSO Session Settings at the Client level.

Is it also possible to override them at USer level, so individual users can decide their own session expiry time.

embesozzi · January 13, 2026, 6:42pm

The user does not decide the session expiration. Session lifetime is not within the user’s domain to control.

jmcrthrs · January 13, 2026, 9:52pm

Ok so there are no properties on the user record that could support such a feature and it isn’t likely to be added in the future?

embesozzi · January 13, 2026, 11:27pm

In my experience, I haven’t seen any IdP that supports that feature (Keycloak, OpenAM, Gluu, Entra, ForgeRock, Ping, Auth0, etc). Setting the expiration is done at the global or client level, not at the user level.

dasniko · January 14, 2026, 11:54am

To be even more precise: in Keycloak you only have 1 SSO (user) session with an expiration. At client level, only the related client session can expire differently. But for the expiration of the user session itself there is only a global value per realm!

system · January 16, 2026, 11:55am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Different SSO timeouts per user Getting advice oidc	4	73	January 9, 2025
Ability to configure a different session lifetime for admin-console users Getting advice admin-console	7	281	October 17, 2024
Configuring different session times across clients Getting advice	0	893	March 31, 2021
Need API call to Extend user session with session id when the user actively performing operations	3	1051	June 23, 2023
Difference between "Client Session" and "SSO Session" in timeout settings? Configuring the server	2	5703	April 4, 2022

Override SSO Session Settings at user level

Related topics