In an OIDC compliant flow what is the expected behavior of SSO expiration?
I assume the session expiration is still controlled by the tenant/account settings:
![alt text][1]
Are there any other rules?
Does the expiration alter between active and inactive sessions?
If I have a timeout set for 1 month but I don’t attempt to log into my app for 2 weeks, will I be rejected?
Your assumption is correct; the setting you mentioned will have an impact on the session expiration.
Additionally, according to the documentation, keep in mind that there is a maximum absolute duration for the session (which you can configure through the setting you mentioned), but there’s also a timeout for inactivity; the timeout for inactivity is three days and is non-configurable at the moment.
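
The two limits described in the answer above, modeled as an added example (not code from the identity provider or from either poster). The class and function names are hypothetical, and it assumes that each successful SSO attempt resets the inactivity timer and that a session expires when a limit is reached exactly.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# From the answer above: the inactivity timeout is three days, non-configurable.
IDLE_TIMEOUT = timedelta(days=3)


@dataclass
class SsoSession:
    created_at: datetime
    last_activity: datetime
    absolute_lifetime: timedelta  # the tenant-configurable maximum duration

    def check(self, now: datetime) -> str:
        """Return 'active', 'expired_absolute' or 'expired_idle' at time `now`."""
        # The absolute cap is measured from login and is never extended by use.
        if now - self.created_at >= self.absolute_lifetime:
            return "expired_absolute"
        # The idle window is measured from the last successful SSO attempt.
        if now - self.last_activity >= IDLE_TIMEOUT:
            return "expired_idle"
        return "active"

    def touch(self, now: datetime) -> str:
        """Model an SSO attempt: refresh the idle timer only if still valid."""
        state = self.check(now)
        if state == "active":
            self.last_activity = now  # assumption: activity slides the idle window
        return state


def simulate(absolute_days: int, visit_days: list[int]) -> list[tuple[int, str]]:
    """Replay SSO attempts at day offsets from the initial login (constructed input)."""
    start = datetime(2024, 1, 1)  # constructed start date
    session = SsoSession(start, start, timedelta(days=absolute_days))
    return [(d, session.touch(start + timedelta(days=d))) for d in visit_days]


if __name__ == "__main__":
    # The question's case: one-month setting, no SSO attempt for two weeks.
    print(simulate(30, [14]))
    # Use every two days: the idle timer keeps resetting, the absolute cap still applies.
    print(simulate(30, list(range(2, 32, 2))))
```
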