Update (April 24, 2018): Please note that this post has been updated with new instructions for replicating previous behavior.
In March, we
introduced a setting that allows G Suite Business, Enterprise, and Education admins to
specify the duration of web sessions for Google services (e.g. four hours, seven days, or infinite). At the time, this setting only applied to domains where Google was responsible for the login (i.e. where Google was the Identity Provider). We’re now extending the reach of this setting and making it applicable in domains that federate to another Identity Provider (IdP) using SAML.
Note that these settings apply to all desktop web sessions, as well as
some mobile browser sessions. Native mobile apps, like Gmail for Android and iOS, aren’t impacted by these settings.
Removing session-based cookies on May 7th, 2018In the past, in order to give more control over session lengths to a G Suite customer’s preferred IdP, we set cookies for sessions created by federating to another IdP via SAML as transient, or session-based. These cookies were intended to expire whenever the browser was closed, meaning the user would be redirected to their primary IdP whenever they reopened the browser and visited a Google site.
Over time, however, this behavior has become increasingly inconsistent across browsers. We believe that G Suite admins are better served by explicit session length controls, like the ones we just launched. Unlike session cookies, these controls are respected regardless of the user’s browser.
With this in mind, we’ll be removing session-based cookies for G Suite customers who federate to another IdP via SAML on
May 7th, 2018. Please consider
setting a custom session length for your organization if your workflows depend on it.
Replicating previous behaviorIf it’s critical to replicate the previous behavior, where all sessions expired when a browser was closed, you can change the browser settings on impacted machines to delete all local data when the browser is exited. Instructions to configure this on Chrome can be found
here. To deploy this policy on multiple machines, use
Chrome policies to configure ephemeral mode.
Launch DetailsRelease track:Launching to both Rapid Release and Scheduled Release
Editions:Available to G Suite Business, Enterprise, and Education editions only
Rollout pace:Gradual rollout (up to 15 days for feature visibility)
Impact:Admins only
Action:Admin action suggested/FYI
More InformationHelp Center: Set up session length for Google servicesLaunch release calendarLaunch detail categoriesGet these product update alerts by emailSubscribe to the RSS feed of these updates