# Session Policy

> The value set for idle timeout represents the amount of time a user can be inactive before their session is disconnected and they are singed out.

## Setting the idle timeout

The value set for idle timeout represents the amount of time a user can be inactive before their session is disconnected and they are singed out.

To set the idle timeout:

1. Go to **Admin**, at host level, and then select **Security**.

The **Security Settings** page for the organization opens.

2. Along the top, select the **Session Policy** tab.
3. If not already enabled, select the toggle next to **Enable Idle Timeout** to enable this setting.
4. Under **Timeout settings**, set the number of minutes, hours, or days.
5. Select **Save** in the bottom right corner of the page.

A confirmation message appears in the top right after the change is applied.

## Restrict or allow concurrent sessions

This feature governs user sessions within web browsers. It determines whether a user can have more than one active session at the same time.

* If the **Limit Concurrent Sessions** option is enabled, it restricts users to a single active session at any given time. If a user is already logged in and attempts to log in from another browser or device, the previous session is terminated.
* If the **Limit Concurrent Sessions** option is disabled, users can log in from different browsers or devices simultaneously. Each login is treated as a separate session, and users can switch between them without being automatically disconnected from the previous sessions.

To change concurrent sessions settings:

1. Go to **Admin**, select your organization, and then select **Security**.

The **Security Settings** page for the organization opens.

2. Along the top, select the **Session Policy** tab.
3. Select the toggle next to **Limit Concurrent Sessions** to enable or disable this setting.
4. Select **Save** in the bottom right corner of the page.

A confirmation message appears in the top right after the change is applied.