What is the problem or goal the end user is trying to solve or accomplish?
Organizations with a SAML SSO integration are able to control the user session duration through the sessionDurationSecs
attribute. Once the session expires, the user is redirected to the authentication page, where they have to enter their email address to be redirected to their IDP -- if an existing session with the IDP already exists, the session is automatically refreshed.
This step adds friction to the product experience, given it's required to re-enter the email address and face a few different redirects until they can keep using the tool.
How are they solving it currently?
Admins can extend the session duration up to 7 days to decrease the amount of times their end users are prompted to authenticate.
What is the recommended solution by the Customer?
Automatically attempt to refresh the end user session in the background, without prompting the user to authenticate. Only force the user to authenticate in case they no longer have a valid session with their IDP.