.. _session-timeout-rules:

Session timeout rules
---------------------

The following rules apply to the idle session timeout and absolute session
timeout values that can be applied to users via a credential policy:

* Setting the absolute session timeout to 0 disables it.
* The absolute session timeout takes priority over the idle session timeout.
  Therefore, setting the absolute session timeout to a value less than the idle
  session timeout effectively disables the idle session timeout.
* Credential policy session timeouts do not apply to SSO authenticated users.
  For SSO authenticated users, Automate honors the SessionNotOnOrAfter
  SAML 2.0 attribute, which is equivalent to an absolute session timeout, although
  controlled by the IDP.

.. note::
   Timeout limits will initiate the display of timeout limit notifications in the
   Admin Portal - see: :ref:`timeout-limit-notifications`.