Manage IAP with Workforce Identity Federation sessions
Stay organized with collections
Save and categorize content based on your preferences.
This page provides guidance for managing Identity-Aware Proxy (IAP) with
Workforce Identity Federation sessions.
When you set up a workforce pool, you can specify the session duration
between Google Cloud and an IdP. You can specify the session
duration to be between 15 minutes and 12 hours. This setting is also the length
of the IAP session cookie. The default session duration time is
one hour.
When a session expires, the end user is redirected to third-party IdP to sign
in. If the third-party IdP session is still active, sign-in is silent.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["This page details how to manage Identity-Aware Proxy (IAP) sessions in the context of Workforce Identity Federation."],["Session duration between Google Cloud and an IdP can be set from 15 minutes to 12 hours, which also determines the IAP session cookie length."],["The default IAP session duration when using Workforce Identity Federation is one hour."],["Expired sessions redirect users to their third-party IdP for sign-in, and if the IdP session is active, sign-in is silent."],["AJAX requests can also be used to establish a session when working with Workforce Identity Federation."]]],[]]
