The session is cookie based and the maximum duration is configurable in your account advanced settings. You would then also have to enable each client to make use of that session though the Use Auth0 instead of the IdP to do Single Sign On setting available at the client level.