Tuesday, March 27, 2018

Control session length for Google services on the web

To protect your organization’s data, we automatically sign any G Suite user out of Google services they’re using on the web (like Gmail and Drive) after two weeks. We’ve heard, however, that some organizations need different durations for different use cases. For instance, if users access work data outside their corporate network, a shorter session length may be warranted. In other cases, a longer session length may be appropriate, and not requiring users to continually enter their password makes for a much better experience.

That’s why we’re giving G Suite Business, Enterprise, and Education admins the ability to specify the duration of web sessions for Google services (e.g. four hours, seven days, or infinite). Unless a user logs out on their own beforehand, they’ll be automatically signed out at the end of that duration and prompted to re-enter their login credentials.

These settings apply to all desktop web sessions, as well as some mobile browser sessions. Native mobile apps, like Gmail for Android and iOS, aren’t impacted by these settings. These settings also only apply to domains where Google is responsible for the login (i.e. where Google is the Identity Provider), and not to domains that federate to another Identity Provider using SAML. Support for these domains will be added in the future.

For more information on specifying session duration for Google services, please see the Help Center

2-step verification (2SV) frequency

When a user logs into their G Suite account today, they’re given an option to “Remember this computer.” When this box is checked, they’re not prompted for their second factor—even if they log out of their Google session and log back in.

As part of this launch, we’re giving all admins the option to show their users this checkbox or have them presented with a 2SV challenge every time they enter their password.

When “Allow the user to trust the device at 2-step verification” is selected, the checkbox will be displayed. This is the default. When “Do not allow the user to trust the device at 2-step verification” is selected, the user will be forced to undergo a 2SV challenge every time they sign in. These settings can be found in the Admin console under Security > Basic settings > Go to advanced settings to enforce 2-step verification. They have no impact on users who aren’t enrolled in 2SV.

For more information on setting 2SV frequency, please see the Help Center.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Session duration controls available to G Suite Business, Enterprise, and Education editions only; 2SV frequency controls available to all G Suite editions

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Admins only

Admin action suggested/FYI

More Information
Help Center: Set up session length for Google services

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates