Session Timeouts
Configurable session timeouts allow you to enforce stricter security policies than PagerDuty's default values.
AvailabilityThis feature is available only via API.
Timeout Types
You can define two types of timeouts for both web and mobile sessions.
Idle Timeout
Automatically logs out users after a specified period of inactivity, protecting against unauthorized access when users step away from their devices. You can set this value between 60 seconds and 180 days.
Absolute Timeout
Defines the maximum duration a session can remain active since login, regardless of user activity. This ensures regular re-authentication and reduces exposure from potentially compromised sessions. You can set this value between 10 minutes (600 seconds) and 210 days (18,144,000 seconds).
Default Values
Unless you configure custom values, the following defaults apply to your account:
| Platform | Idle Timeout | Absolute Timeout |
|---|---|---|
| Web | 15 minutes | 1 hour |
| Mobile | 210 days | 5 years |
NoteAccounts created before March 02, 2026 keep their existing timeout settings unless explicitly modified. The defaults apply to new accounts as of March 02, 2026 only.
Mobile Configuration LimitsThe PagerDuty API currently supports a maximum configuration of 180 days (Idle) and 210 days (Absolute).
If you use the API to configure custom mobile timeouts, you will be limited to these ranges and cannot manually set them back to the 210-day/5-year defaults. To restore the original long-term mobile defaults, you must Delete your Session Configuration.
Key Behaviors
New vs. Existing Sessions
When you configure session timeouts, the new values take effect immediately for all new logins. Additionally, all existing sessions of the specified type (mobile, web, or both) are immediately revoked, requiring users to log in again with the new timeout policies in effect.
Scope
Session timeouts apply account-wide to all users. Role-based or user-specific timeout configurations are not supported.
Integrations
Session timeouts do not apply to integrations (such as Jira, Slack, etc.), which continue to use their predefined timeouts.
Configuring Session Timeouts
Session timeouts are configured via the PagerDuty API. You'll need admin or account owner permissions to make changes.
For complete API documentation, including authentication requirements, request examples, and response formats, see:
- Get Session Configurations - View your current settings
- Configure Session Timeouts - Create or update timeout policies
- Delete Session Configurations - Revert to default values
Updated 9 days ago