
SSO Expiration Behaviour in OIDC flows



In an OIDC compliant flow what is the expected behavior of SSO expiration?

I assume the session expiration is still controlled by the tenant/account settings:
![alt text][1]

Are there any other rules?

Does the expiration alter between active and inactive sessions?

If I have a timeout set for 1 month but I don’t attempt to log into my app for 2 weeks, will I be rejected?


Your assumption is correct; the setting you mentioned will have an impact on the session expiration.

Additionally, according to the documentation, keep in mind that there is a maximum absolute duration for the session (which you can configure through the setting you mentioned), but there’s also a timeout for inactivity; the timeout for inactivity is three days and is non-configurable at the moment.
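
A small model of the two limits described in the answer above, added here as an illustration; it is not part of the original thread and not Auth0's implementation. It replays activity timestamps against a 3-day inactivity timeout and an absolute lifetime; the function and constant names are hypothetical, "1 month" is modelled as 30 days, and treating a session as expired exactly at the limit is an assumption.

```python
from datetime import datetime, timedelta

# Values from the thread: 1-month absolute lifetime (assumed to be 30 days
# here) and the 3-day inactivity timeout mentioned in the answer.
ABSOLUTE_LIFETIME = timedelta(days=30)
IDLE_TIMEOUT = timedelta(days=3)


def evaluate_session(created_at, activity, now,
                     absolute=ABSOLUTE_LIFETIME, idle=IDLE_TIMEOUT):
    """Return (valid, reason) for a session at time `now`.

    `created_at` is the login time and `activity` is an iterable of
    timestamps at which the session was used. Activity only slides the
    inactivity window forward; it never extends the absolute lifetime.
    """
    last_seen = created_at
    # Replay each use in order, followed by the moment being evaluated.
    checkpoints = sorted(ts for ts in activity if created_at <= ts <= now)
    for ts in checkpoints + [now]:
        if ts - created_at >= absolute:
            return False, "absolute_lifetime_exceeded"
        if ts - last_seen >= idle:
            # The session was already dead when this use arrived, so a
            # later request cannot revive it; a new login is required.
            return False, "inactivity_timeout"
        last_seen = ts
    return True, "active"


if __name__ == "__main__":
    login = datetime(2024, 1, 1)  # constructed sample data
    # The case from the question: 1-month setting, no use for 2 weeks.
    print(evaluate_session(login, [], login + timedelta(days=14)))
    # Same setting, but the session is used every 2 days.
    every_two_days = [login + timedelta(days=d) for d in range(2, 29, 2)]
    print(evaluate_session(login, every_two_days, login + timedelta(days=15)))
    print(evaluate_session(login, every_two_days, login + timedelta(days=31)))
```
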