Like most applications, Zendesk implements a session expiration to enhance security. Signing users out after a period of inactivity reduces the risk of unauthorized access.
If Zendesk authentication is enabled, a Zendesk admin can customize the session expiration as part of our advanced authentication security policy.
Understanding Zendesk session time
When users sign into Zendesk, their session remains valid as long as user activity occurs. By default, a session expires after eight hours of inactivity.
- User activity is when you click something explicitly in the Zendesk user interface or when the application pulls information automatically in the background. Information pulls often happen to keep the Zendesk interface up to date, but pulls don't occur uniformly across all Zendesk pages.
- The Zendesk session expiration countdown starts when you close your browser or quit the browser tab where the Zendesk session is running. The countdown can also be triggered when you put your computer to sleep or turn it off. When the session expiration limit is reached, Zendesk terminates your sign-in session, and you have to sign in again to use Zendesk.
- An individual session is immediately terminated once you explicitly sign out of Zendesk.
There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last eight hours by default.
Customizing the inactivity time-out period
A Zendesk admin can customize the session expiration period when Zendesk authentication is enabled. If your security requirements differ for your team members and end users, you can set separate expiration periods for each.
To set an inactivity time-out period
- In Admin Center, click Account in the sidebar, then select Security > Advanced.
- On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
- Click Save.