ZIdentity
Configuring the Authentication Session
ZIdentity uses session-based authentication to keep track of the authenticated users or enrolled services.
To configure the authentication session:
- Go to Administration > Authentication > Authentication Session.
In the Authentication Session window:
- Idle Session Timeout Duration (in Minutes): Enter the timeout period after which the user is logged out from a ZIdentity session. You can set the timeout period from 5 to 600 minutes (10 hours).
- Authentication Session for Service Enrollment: Enable this option if you want ZIdentity's authenticated session to apply to Zscaler services for enrolling users. This option is disabled by default, as the ZIdentity service sends users to the organization's identity provider (IdP) for authentication. This option is shown only when the User Single Sign-On (SSO) feature is enabled for your tenant.
- Force Authentication for Private Access Reauthentication: Enable this option for your configured IdPs or hosted users when the Zscaler Private Access (ZPA) service requests reauthentication. When enabled, ZIdentity sends a parameter to the IdP that tells the IdP to ignore ZIdentity's authentication session for the user and to prompt the user for authentication whenever the ZPA service requests reauthentication. This option is disabled by default; while it is disabled, the ZIdentity service does not send this parameter to the IdP, and the IdP's settings determine whether or not to prompt the user for authentication. This option is shown only when the User Single Sign-On (SSO) feature is enabled for your tenant.
By default, only the Hosted option is shown for all tenants. The options for third-party IdPs are also listed, depending on the external IdPs configured for the tenant.
Click Save.
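To confirm that the Force Authentication setting takes effect, you can capture the redirect sent to the IdP during a ZPA reauthentication and check it for a force-reauthentication parameter. The following is an added example, not Zscaler code: it assumes the parameter is the standard SAML 2.0 ForceAuthn attribute or the OIDC prompt=login / max_age=0 parameters (the page does not name it), and the URLs, function names, and sample requests are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # cap on inflated request size


def decode_saml_redirect(value):
    """Decode a SAMLRequest from the HTTP-Redirect binding (base64 + raw DEFLATE)."""
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(value), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DTD present; refusing to parse")
    return ET.fromstring(xml)


def forces_reauth(url):
    """True if the IdP-bound request asks the IdP to ignore any existing session."""
    q = parse_qs(urlsplit(url).query)
    if "SAMLRequest" in q:
        root = decode_saml_redirect(q["SAMLRequest"][0])
        if root.tag != f"{{{SAMLP}}}AuthnRequest":
            raise ValueError("not a SAML AuthnRequest")
        # ForceAuthn is an xs:boolean, so both "true" and "1" count as set.
        return root.get("ForceAuthn", "false") in ("true", "1")
    if q.get("response_type"):  # assumed OIDC authorization request
        prompts = q.get("prompt", [""])[0].split()
        return "login" in prompts or q.get("max_age") == ["0"]
    raise ValueError("no SAMLRequest or OIDC authorization parameters found")


def _sample_saml_url(force):
    """Constructed sample: a minimal AuthnRequest to a placeholder IdP."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
           f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           f'ForceAuthn="{str(force).lower()}"/>').encode()
    c = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(c.compress(xml) + c.flush()).decode()
    return "https://idp.example.com/sso?" + urlencode({"SAMLRequest": blob})
```

Run forces_reauth() on a redirect URL captured with the option disabled and again with it enabled; only the second should return True if the IdP integration uses one of the assumed parameters.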