Like most applications, Zendesk implements a session expiration to enhance security. Signing users out after a period of inactivity reduces the risk of unauthorized access.
If Zendesk authentication is enabled, a Zendesk admin can customize the session expiration as part of our advanced authentication security policy.
Understanding Zendesk session time
When users sign into Zendesk, their session remains valid as long as user activity occurs. By default, a session expires after eight hours of inactivity.
- User activity is when you click something explicitly in the Zendesk user interface or when the application pulls information automatically in the background. Information pulls often happen to keep the Zendesk interface up to date, but pulls don't occur uniformly across all Zendesk pages.
- The Zendesk session expiration countdown starts when you close your browser or quit the browser tab where the Zendesk session is running. The countdown can also be triggered when you put your computer to sleep or turn it off. When the session expiration limit is reached, Zendesk terminates your sign-in session, and you have to sign in again to use Zendesk.
- An individual session is immediately terminated once you explicitly sign out of Zendesk.
There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last eight hours by default.
Customizing the inactivity time-out period
A Zendesk admin can customize the session expiration period when Zendesk authentication is enabled. If your security requirements differ for your team members and end users, you can set separate expiration periods for each.
By default, team members are signed out after 60 minutes, and end users are signed out after eight hours.
To set an inactivity time-out period
- In Admin Center, click Account in the sidebar, then select Security > Advanced.
- On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
- Click Save.
17 comments
Raza Jaffri
How can I extend the session expiration for customers to 2 weeks? The control on /admin/security/advanced#authentication only gives option to change it for staff login.
0
Russell Chee
Hey Raza,
Thanks for reaching out to us with your question. At this current time, there is no native way to enable a 2 week extended session for your end-users. This will need to be a feature request and I would recommend reaching out to our forums here on it. Let us know if you need anything else :)
Russell
1
Chad Susa (Gravity CX - Zendesk Partner)
Hi All
Just wondering does anyone know what the Zendesk session time is for end users? (eg: when they login to the Help Centre / customer portal) how long before their session expires?
0
Audrey Ann Cipriano
Hey Chad! End-users' session expires after 8 hours of inactivity :)
1
Shlomo Partouche-Sebban
Hi Zendesk,
My agents and I would like to stay connected all the time.
How can we deactivate the session time?
0
Neha Singh
Hi,
How can I access the current logged in session id in my help centre code?
0
Christopher Kennedy
Hi Neha,
The current session ID isn't referenced anywhere by the Help Center theme. But you can still access it in your theme by sending a client-side request to the Sessions API to return the currently authenticated session.
Best,
1
Diego Garcia
Hi. Does this configuration apply to any of the login methods? I mean, if my agent is logged through SAML o JWT, this configuration applies to this login method as well?
0
Christine
Zendesk users with Single Sign-On will be automatically logged out after 8 hours of inactivity, by default. As a workaround, you can flip over to custom auth settings, define a session length, save, and flip back to SSO and the custom session length will stick.
We tested this on our end by doing the following:
This way the previous session had timed out as expected after 5mins. Hope this helps!
0
Nora
If two instances (tabs) of Zendesk are open in one browser and one refreshes after 30 mins of inactivity, should the agent's call be disconnected as a result?
0
Christine
We'll continue to assist you with the support ticket you raised with us. Kindly check your email for updates. Thanks!
0
Barkha Bhatia
We now allow configurable session times for end users ( Guide Users ) just like we allowed it for Team Members (agents, staff ..). Please feel free to use this as per your requirements.
0
Swapnil Deshmukh
Is there a way we can get all active session?
0
Sabra
Hey Swapnil Deshmukh! The List Sessions API returns all the account's sessions if authenticated as an admin.
0
Steve Berliner
what about non-interactive sessionsm, which typically involve automated processes or scripts that execute predefined tasks without user input or real-time interaction. is there any timeout setting on the Zendesk side?
0
Ivan Miquiabas
Thanks for reaching out! Non-interactive sessions, fallls under the same roof as User activity. As per this article
So Technically, session still works for automated process, or scripts that execute predefined task without user input or real-time interaction.
Hope that helps!
0
cassa no
Hi, How can I configure the settings so that when I log in, close the browser process, and access Zendesk again, the login cookie(zendesk_shared_session) is not maintained? Thanks.
0