Configurable session duration and periodic re-authentication for Enterprise

Enterprise admins can now decide exactly how long users stay signed in, and require periodic re-authentication for an extra layer of control.

Custom session lengths for web and mobile: Set independent session durations for each, so policy matches how your team actually works.

Force re-authentication on a schedule: Even users who never log out can be required to re-authenticate at a set interval — useful for organizations with stricter security or compliance requirements.

A smooth user experience: A countdown appears as the re-auth deadline approaches before redirecting to login. Existing sessions get a grace period when the policy is first enabled, so no one is logged out unexpectedly.

Full audit trail: Every session policy change is recorded in the Account Activity audit log.