The maximum allowed inactivity timeout (for shared tenant environments at least) is 3 days. If you set the timeout to its 3 day max (in tenant advanced settings) the user’s SSO session will time out after 3 days of inactivity.
The timeout for individual tokens is set in each application’s settings. I believe the usual practice is to make these as short as possible (we set ours to 5 minutes) in order to minimize exposure if an account is compromised, blocked, or deleted.