Session length defines how long a user’s session remains active after signing in. During this time, users can interact with your application without needing to re-authenticate.
Setting an appropriate session length helps balance user convenience with security. Sessions should be long enough to avoid unnecessary re-authentications that disrupt user flows, but short enough to reduce the risk of unauthorized access, especially on shared or unattended devices.
ID.me sets the default session timeout to 15 minutes. This means that a signed-in user will remain authenticated for 15 minutes of inactivity before being required to log in again.
Session length options may vary based on your application’s policy and risk profile. If your use case requires a different timeout duration, you may request a configuration change through your ID.me solution consultant or email partnersupport@id.me.