Overview
There are three types of session restrictions in place for web applications used at the university.
- Idle Timeout - used to detect user inactivity and require re-authentication. No more than 15 minutes.
- Session Limit - a maximum amount of time a session can be maintained before re-authentication. No more than 12 hours.
- Sign-in Frequency - a maximum amount of time a sign-in session can be maintained before a full interactive user sign-in is required. No more than 30 days.
Web applications which use Single Sign-On (SSO) can typically reconnect without prompting the user for a password but they may still display sign-out or session disconnect pages.
Note: Microsoft has also implemented Continuous Access Evaluation (CAE) for the majority of Microsoft services. This allows a session token to be revoked at any time without requiring a full session limit timeout. More information on CAE is available here: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-continuous-access-evaluation
This is a list of common web applications in use and their configured maximum session limits.
Web Application |
Session Limit |
Uses Single Sign-On (SSO)? |
Identity Provider |
Active Directory Federation Services (AD FS) |
10 hours |
Yes |
Active Directory (on-premises) |
Microsoft Entra ID (formerly Azure Active Directory) |
12 hours |
Yes |
Entra ID |
Microsoft 365 Applications (Exchange Online) |
60 minutes |
Yes |
Entra ID |
Canvas |
12 hours |
Yes |
Entra ID |
Banner Self Service (VandalWeb) |
8 hours |
Yes |
Entra ID |
Banner 9 Admin |
8 hours |
Yes |
Entra ID |
help.uidaho.edu - Account Management |
20 minutes |
Yes |
Entra ID |
OIT Web Applications - Shibboleth SP for IIS |
60 minutes |
Yes |
Entra ID |
The University of Idaho Microsoft Entra ID tenant is configured to require an interactive sign-in at least once every 30 days. The user must present a password, passkey and another multi-factor authentication credential to sign-in.