Skip to content
Visit Kinde’s marketing website Kinde Docs
  • Auth and access
  • Manage authentication

Session management per organization

If you are on the Kinde Scale plan, you can change Kinde authenticated session configuration at the organization level as well as the environment level. An authenticated session (or SSO session) is the period during which Kinde treats the user as signed in. You can define whether a session persists after the browser is closed, and how much time can elapse before prompting the organization’s users to re-authenticate.

These settings only apply to Kinde sessions and not sessions you maintain through your own application.

Limitations of Kinde session configuration

Link to this section
  • Session cookies are not destroyed when a tab is closed, the full browser window must be closed.
  • Modern browsers usually allow session restoration. Restoring a browser session can also restore a session cookie.

Manage SSO session behaviors and policies per organization

Link to this section

When you change session settings at the organization level, this overrides session settings at the environment level.

  1. In Kinde, go to Organizations and open the organization whose session settings you want to configure.
  2. Select Sessions in the side menu.
  3. In the SSO sessions section, decide on the policy for session cookies. A persistent session leaves the cookie active when the browser is closed. A non-persistent session is terminated when the browser window closes (unless the limitations listed above apply).
  4. In the Session inactivity timeout section, set how long a session can be inactive before prompting re-authentication. This setting is applied in seconds - where 3,600 seconds is one hour; 86,400 seconds is one day.
  5. When you’re finished, select Save.

The session settings will now be applied to members of this organization.

What counts as activity for SSO session inactivity?

Link to this section

Organization-level Session inactivity timeout follows the same rules as environment-level session settings. For what Kinde treats as activity (including how token refresh and API traffic relate to the timer), see Session management.

Manage organization session behavior via API

Link to this section

Use this endpoint to update session settings via API. PATCH /api/v1/organizations/{org_code}/sessions

Related articles

Useful links

  • Join the community

    Get support from the Kinde team and expert users in the Kinde community

    Join via Slack or Discord

  • Contact support

    Chat to support through the Kinde help widget, or send a question via email

    Send an email