At this point, you already know how to apply the different configurations that will allow users to safely log in to the platform. Users will only be active for a few hours, and then will not return until the next day.

Leaving a Google session active for too long without being used is an unnecessary risk, and to minimize this, G Suite allows administrators to define how long a session is considered valid. After this period, the user will be required to log in again.

To define the session length, click on the Session control drop-down menu and select the amount of hours it will last. It can be as short as one hour, or as long as 30 days. You can even make sessions never expire:

Ideally, a session should last an entire day. In most cases, 12 hours should be enough for a user to only be required to log in at the beginning a working day.

Being able to define a session length allows you to easily reduce the chance of unauthorized access. Continue to the next section to learn how you can manage API client access.