Setting up SAML session expiry

Your organization may have specific policies around how frequently users should be asked to re-authenticate. Now you can apply those policies to your Whimsical workspace.

  • SAML SSO is only available on our Org plan
  • You must be a workspace admin to update SAML SSO settings

Setting session timeout

To set how long SAML authenticated user sessions last for in Whimsical:

  1. Open Workspace settings and scroll down to SAML single sign-on
  2. Select your preferred Session timeout from the drop-down list

Timeout options

  • Session - This is the default option for workspaces. These cookies have a session expiration. The browser defines when the current session ends, but this is generally when the browser window closes. This can lead to unpredictable session lifetimes.
  • 1 day, 1 week, 1 month, 1 year - The user session is valid for the specified amount of time.
  • Custom - You can provide a custom number of hours that user sessions will last for. You can set a custom session timeout to between 8 hours and 8,760 hours (equivalent to 365 days).

Session expiration notice

Users logging in with SAML SSO will see a notice before their session expires, allowing them to re-authenticate.

This is only available when you choose a timeout option other than the default Session timeout.

The warning will show 2 hours, 1 hour, and 10 minutes before the session expires.

A note on access to workspace content

The session timeout controls the maximum amount of time a user session is valid for.

However, when you remove a user from your organization’s workspace, the user will immediately lose access to workspace content, even though their Whimsical session may continue to be valid for some time.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles