Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - MSP Onboarding Guide
  - Evo Authenticator Mobile App 5.1.x (iOS and Android)
  - Evo Supported Authentication Methods
Directory Environments
- Environments
  - What type of Directory do I need?
  - Set up Evo on Active Directory (LDAP)
  - Set up Evo on Azure AD
  - Evo Cloud: Directory-As-A-Service Setup and Installation
  - Sync with Google Workspace
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Advanced Configurations
  - How to protect Remote Desktop using Evo Security (RDP Support)
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
  - Deploying the Evo Agent using ConnectWise RMM
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
- MFA
  - Evo Secure Login for Windows / Troubleshooting Secure Login
- SSO/ SAML
  - What SAML integrations are available?
  - How do I add a rule for single sign-on (SSO) expiration
  - Identity Provider (IdP) Login
  - Connect Web Apps via SAML with Evo: Version 3
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Azure AD - Federating Microsoft 365 domain
  - WS-Federation integration for Office 365 login
  - Setting up SAML with Salesforce
  - Setting up SAML with Dropbox
  - Setting up SAML with Keeper
  - Setting up SAML with Box.com
  - Setting up SAML with Liongard
  - Setting up SAML with Auvik
  - Setting up SAML with Domotz
- Tech Elevation
  - Elevated Access: Extended User Access Control session
  - Elevated Access: Just-in-Time Accounts
  - Setup Elevated Access
  - Password Rotation with Evo
  - Local Admin Accounts
  - Web Accounts
- End User Elevation
  - Elevated Access: End User Elevation 2.3.x
- Help Desk Verification
  - Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
- Agents
  - LDAP Agent Settings Editor
  - Installing the macOS Credential Provider
Evo Portal
- Navigation & Managment
  - Welcome to the New Evo Portal!
  - Tenants Page
  - Policies Page
  - Rules Section (Global)
  - Integrations Page
  - Settings Section
  - Dashboard Page
  - Directories Page
  - Vault Section
  - Users Page
  - Groups Page
  - Access Tokens Page
  - Keys (Hardware Keys) Page
  - Endpoints Section
  - Applications Page
  - Elevation Section (Tenant)
  - Role-Based Permissions / List of Roles
- User & Directory Management
  - How do I add or delete customers?
  - How do I add, edit or disable a Domain Account? ( Old UI )
  - How do I add, edit, or delete a directory?
  - How do I disable, enable, or delete user devices (Endpoints)?
  - User Groups
  - How do I manage my user licenses? (Billing and Administration)
Integrations
- PSA & Password Sync Integrations
  - Evo Password Integration with ITGlue
  - Integrating Evo with IT Glue
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - Set Evo Secure Login as default option at login screen
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I create my user account?
  - How do i log in?
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
  - Error Fetching AD Groups: How to fix AAD Client Secret expired
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
- RADIUS Troubleshooting
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
  - Requesting a RADIUS Server in Evo / RADIUS Troubleshooting
Support & Resources
- Support & Resources
  - Where to go for help / feature requests
  - Adding Evo Users to the Evo Support Portal
  - Setting up Mobile Email to Provide Logs to Evo
  - How do I add, edit, or delete email campaigns?
  - How do I update Evo software?
More

How do I add a rule for single sign-on (SSO) expiration

Last updated on September 11, 2025

A policy for single sign-on can help you control a temporary duration for SSO before the user must re-authenticate or enforce multi-factor authentication (MFA) for all logins.

NOTE: The SSO rule applies globally to all users/customers within your Evo Environment. SSO rule is specific for SAML Webapps.(Does not apply to Evo Credential Provider). Only 1 SSO rule is allowed per environment.

How to apply the rule globally

1. From the dashboard, click Policies. 2. Click New+ on top right. 3. Click Single Sign-On (SSO) Reset Frequency. 4. Use the slider to define the rule. 1.To Always Require MFA. Move the slider all the way to the left. 2.To expire SSO after a period. Move the slider based on your organizations’ rules. Anywhere between 1 to 7 days.

5. Click Save.

It is recommended that if the SAML capable web application allows you to configure a session timeout. You match it to the policy defined within your Evo Portal.

Did this answer your question?

😞

😐

🤩

What SAML integrations are available? Identity Provider (IdP) Login