Newer Version Available
Session Security
You can control when an inactive user session expires. The default session timeout is two hours of inactivity. When the session timeout is reached, users are prompted with a dialog that allows them to log out or continue working. If they don’t respond to this prompt, they’re logged out.
You can restrict access to certain types of resources based on the security level associated with the authentication method for the user’s current session. By default, each login method has one of two security levels: Standard or High Assurance. You can change the session security level and define policies so that specified resources are available only to users assigned a High Assurance level. For details, see Session-level Security.
You can control whether your org stores user logins and whether they can appear from the Switcher with the settings Enable caching and autocomplete on login page, Enable user switching, and Remember me until logout.