This page provides guidance for managing Identity-Aware Proxy (IAP) with Workforce Identity Federation sessions.
When you set up a workforce pool, you can specify the session duration between Google Cloud and an IdP. You can specify the session duration to be between 15 minutes and 12 hours. This setting is also the length of the IAP session cookie. The default session duration time is one hour.
When a session expires, the end user is redirected to third-party IdP to sign in. If the third-party IdP session is still active, sign-in is silent.
For more information about setting the session duration time, see Manage workforce identity pool providers.
Establish a session using an AJAX request
When working with Workforce Identity Federation, you can also make AJAX requests to establish a session. See AJAX requests for more information.