Currently, session timeouts in Auth0 are configured globally/region-wide. We are requesting an Auth0 Management API endpoint that allows us to dynamically update the session timeout duration for specific tenants or individual applications. Rather than relying on a static, common timeout across a region, this API would allow us to override and set custom session limits programmatically on a per-customer basis.
Use-case: We are building a multi-tenant application that includes a self-service customer portal. Our customers have varying security and compliance policies, meaning they require different session timeout durations. We want to allow them to log into our portal and define their own custom session timeout limit. When they save this setting, our backend would call the requested Auth0 API to apply that specific duration to their respective tenant/application. This feature would drastically improve our experience by enabling true customer self-service and preventing us from having to enforce a “one-size-fits-all” session policy across our entire user base.