Skip to main content

Control how long members stay signed in

Security policies often require sessions to expire faster, or last longer, than the platform default. Administrators can now set a session duration for their organization from the Security page.

A session duration per organization

By default, a Boldo session stays active for 7 days of inactivity. From OrganizationSecurity, administrators can now adjust this window, from 1 day to 60 days. The change applies immediately: sessions of current members are shortened right away if needed, and every future sign-in follows the new duration.

Because a session belongs to the user rather than to one organization, members of several organizations get the strictest duration among them, and an organization without a custom duration counts as the 7-day default. Everyone can check their effective session duration, and which organization sets it, from their account Security page.

Read Security for the full workflow.

Why this matters

Session lifetime is a recurring compliance requirement: the shorter the session, the smaller the window an unattended or stolen device can be abused. Other teams prefer fewer sign-ins on trusted devices. This control lets each organization match Boldo to its own security policy without affecting others.