If the session logout value defined in IDP is 10,000 seconds and Max Authentication Session in Saviynt SSO is 5000 seconds, how long will the session last?

The Max Authentication Session parameter in Single Sign-On settings specifies the maximum duration, in seconds, for which an SSO session will remain valid. The default value is 3600 seconds.

If the session logout value defined in IDP is 10,000 seconds and Max Authentication Session in Saviynt SSO is 5000 seconds, how long will the session last?
A . 5000 seconds
B . 10,000 seconds
C . 3600 seconds
D . None of the above

Answer: A

Explanation:

In Saviynt’s SSO setup, the "Max Authentication Session" parameter determines the maximum duration of an SSO session within Saviynt, overriding any longer durations set by the Identity Provider (IdP).

Session Duration Logic: Saviynt’s internal session timeout setting takes precedence over the IdP’s session timeout. This ensures that Saviynt can enforce its own security policies regarding session lifetimes.

Why other options are incorrect:

B. 10,000 seconds: This is the IdP’s session logout value, but Saviynt’s "Max Authentication Session" setting overrides it.

C. 3600 seconds: This is the default value, but the question specifies a configured value of 5000 seconds.

Saviynt IGA

Reference: Saviynt Documentation: The documentation for configuring SSO settings within Saviynt explains the "Max Authentication Session" parameter and its impact on session duration.

Saviynt Best Practices: Saviynt’s best practices for SSO often recommend aligning session timeouts between the IdP and Saviynt to avoid confusion and potential security gaps.