Detects if any of your active Okta authentication policies do not have a maximum session lifetime value OR if the session idle expiration value is greater than 120 minutes.

Okta authentication policies should have a maximum session length configured to prevent extremely long sessions without re-authentication. Similarly, the session idle time should be set to an appropriate value for your organizational policies.

Enforcing session timeouts for idle and maximum session lifetime is an important security control for mitigating attacks such as session hijacking.

Recommended Actions

Validate your Okta authentication policy settings.

We recommend setting "Maximum Okta session lifetime" to 16 hours (one working day) and "Expire session after user has been idle on Okta for" to 2 hours.

Configure this insight session idle value to match your Okta session policies.

Default Check Settings

Session expiration timeframe (min): 120

Compatibility

Okta