Organization session policy

Override application-level session timeouts for specific organizations with custom absolute and idle session policies

By default, all organizations inherit the session policy configured at the application level — covering absolute session duration and idle timeout. When an enterprise customer requires stricter or different session controls than your application defaults, you can set a custom session policy on a per-organization basis.

Scalekit always enforces the stricter of the two (application vs. organization) at session creation time, so organization policies can only tighten — not relax — your application-level defaults.

Prerequisites

Organization-level session policies are controlled by the session_policy feature flag. Enable it on the organization before applying a custom policy.

1
await scalekit.organization.updateOrganizationSettings('org_12345', {
2
  features: [{ name: 'session_policy', enabled: true }],
3
});

1
scalekit_client.organization.update_organization_settings(
2
    organization_id='org_12345',
3
    settings=[{'name': 'session_policy', 'enabled': True}],
4
)

1
_, err := scalekitClient.Organization().UpdateOrganizationSettings(ctx, "org_12345",
2
    scalekit.OrganizationSettings{
3
        Features: []scalekit.Feature{
4
            {Name: "session_policy", Enabled: true},
5
        },
6
    },
7
)
8
if err != nil {
9
    log.Fatal(err)
10
}

1
import com.scalekit.grpc.scalekit.v1.organizations.OrganizationSettingsFeature;
2
import java.util.List;
3

4
scalekitClient.organizations().updateOrganizationSettings(
5
    "org_12345",
6
    List.of(OrganizationSettingsFeature.newBuilder()
7
        .setName("session_policy")
8
        .setEnabled(true)
9
        .build())
10
);

Session policy fields

Field	Description
`policySource`	`APPLICATION` (inherit defaults) or `CUSTOM` (use per-org values)
`absoluteSessionTimeout`	Maximum session lifetime regardless of activity
`absoluteSessionTimeoutUnit`	Unit for absolute timeout: `MINUTES`, `HOURS`, or `DAYS`
`idleSessionTimeoutEnabled`	Whether idle timeout is active for this organization
`idleSessionTimeout`	Time after which an idle session expires
`idleSessionTimeoutUnit`	Unit for idle timeout: `MINUTES`, `HOURS`, or `DAYS`

Get the current session policy

Retrieve the active session policy for an organization to display it in your settings UI or audit the current configuration.

1
const policy = await scalekit.organization.getOrganizationSessionPolicy('org_12345');
2

3
// policySource: 1 = APPLICATION (inheriting defaults), 2 = CUSTOM (org-specific values active)
4
console.log('Policy source:', policy.policySource);
5
console.log('Absolute timeout (minutes):', policy.absoluteSessionTimeout);
6
console.log('Idle timeout enabled:', policy.idleSessionTimeoutEnabled);

1
from scalekit.v1.organizations.organizations_pb2 import SessionPolicyType
2

3
response, _ = scalekit_client.organization.get_organization_session_policy('org_12345')
4
policy = response.policy
5

6
if policy.policy_source == SessionPolicyType.CUSTOM:
7
    print('Absolute timeout (minutes):', policy.absolute_session_timeout.value)
8
    print('Idle timeout enabled:', policy.idle_session_timeout_enabled.value)

1
policy, err := scalekitClient.Organization().GetOrganizationSessionPolicy(ctx, "org_12345")
2
if err != nil {
3
    log.Fatal(err)
4
}
5

6
if policy.PolicySource == scalekit.SessionPolicySourceCustom {
7
    fmt.Println("Absolute timeout (minutes):", policy.AbsoluteSessionTimeout.GetValue())
8
    fmt.Println("Idle timeout enabled:", policy.IdleSessionTimeoutEnabled.GetValue())
9
}

1
import com.scalekit.grpc.scalekit.v1.organizations.OrganizationSessionPolicySettings;
2
import com.scalekit.grpc.scalekit.v1.organizations.SessionPolicyType;
3

4
OrganizationSessionPolicySettings policy =
5
    scalekitClient.organizations().getOrganizationSessionPolicy("org_12345");
6

7
if (policy.getPolicySource() == SessionPolicyType.CUSTOM) {
8
    System.out.println("Absolute timeout (minutes): " + policy.getAbsoluteSessionTimeout().getValue());
9
    System.out.println("Idle timeout enabled: " + policy.getIdleSessionTimeoutEnabled().getValue());
10
}

Set a custom session policy

Apply a custom policy when an organization requires different session durations than your application defaults.

1
const updated = await scalekit.organization.updateOrganizationSessionPolicy('org_12345', {
2
  policySource: 'CUSTOM',
3
  absoluteSessionTimeout: 480,
4
  absoluteSessionTimeoutUnit: 'MINUTES',
5
  idleSessionTimeoutEnabled: true,
6
  idleSessionTimeout: 60,
7
  idleSessionTimeoutUnit: 'MINUTES',
8
});
9

10
console.log('Policy updated:', updated.policySource);

1
from scalekit.v1.organizations.organizations_pb2 import SessionPolicyType
2
from scalekit.v1.commons.commons_pb2 import TimeUnit
3

4
response, _ = scalekit_client.organization.update_organization_session_policy(
5
    organization_id='org_12345',
6
    policy_source=SessionPolicyType.CUSTOM,
7
    absolute_session_timeout=480,
8
    absolute_session_timeout_unit=TimeUnit.MINUTES,
9
    idle_session_timeout_enabled=True,
10
    idle_session_timeout=60,
11
    idle_session_timeout_unit=TimeUnit.MINUTES,
12
)
13

14
print('Policy updated:', response.policy.policy_source)

1
timeout := int32(480)
2
idleTimeout := int32(60)
3
idleEnabled := true
4

5
updated, err := scalekitClient.Organization().UpdateOrganizationSessionPolicy(ctx, "org_12345", scalekit.OrganizationSessionPolicy{
6
    PolicySource:               scalekit.SessionPolicySourceCustom,
7
    AbsoluteSessionTimeout:     &timeout,
8
    AbsoluteSessionTimeoutUnit: scalekit.TimeUnitMinutes,
9
    IdleSessionTimeoutEnabled:  &idleEnabled,
10
    IdleSessionTimeout:         &idleTimeout,
11
    IdleSessionTimeoutUnit:     scalekit.TimeUnitMinutes,
12
})
13
if err != nil {
14
    log.Fatal(err)
15
}
16

17
fmt.Println("Policy updated:", updated.PolicySource)

1
import com.google.protobuf.Int32Value;
2
import com.google.protobuf.BoolValue;
3
import com.scalekit.grpc.scalekit.v1.commons.TimeUnit;
4
import com.scalekit.grpc.scalekit.v1.organizations.OrganizationSessionPolicySettings;
5
import com.scalekit.grpc.scalekit.v1.organizations.SessionPolicyType;
6

7
OrganizationSessionPolicySettings policy = OrganizationSessionPolicySettings.newBuilder()
8
    .setPolicySource(SessionPolicyType.CUSTOM)
9
    .setAbsoluteSessionTimeout(Int32Value.of(480))
10
    .setAbsoluteSessionTimeoutUnit(TimeUnit.MINUTES)
11
    .setIdleSessionTimeoutEnabled(BoolValue.of(true))
12
    .setIdleSessionTimeout(Int32Value.of(60))
13
    .setIdleSessionTimeoutUnit(TimeUnit.MINUTES)
14
    .build();
15

16
OrganizationSessionPolicySettings updated =
17
    scalekitClient.organizations().updateOrganizationSessionPolicy("org_12345", policy);
18

19
System.out.println("Policy updated: " + updated.getPolicySource());

Revert to application defaults

Remove a custom policy and restore the organization to the application-level session settings.

1
await scalekit.organization.updateOrganizationSessionPolicy('org_12345', {
2
  policySource: 'APPLICATION',
3
});

1
from scalekit.v1.organizations.organizations_pb2 import SessionPolicyType
2

3
scalekit_client.organization.update_organization_session_policy(
4
    organization_id='org_12345',
5
    policy_source=SessionPolicyType.APPLICATION,
6
)

1
_, err := scalekitClient.Organization().UpdateOrganizationSessionPolicy(ctx, "org_12345", scalekit.OrganizationSessionPolicy{
2
    PolicySource: scalekit.SessionPolicySourceApplication,
3
})
4
if err != nil {
5
    log.Fatal(err)
6
}

1
import com.scalekit.grpc.scalekit.v1.organizations.OrganizationSessionPolicySettings;
2
import com.scalekit.grpc.scalekit.v1.organizations.SessionPolicyType;
3

4
OrganizationSessionPolicySettings policy = OrganizationSessionPolicySettings.newBuilder()
5
    .setPolicySource(SessionPolicyType.APPLICATION)
6
    .build();
7

8
scalekitClient.organizations().updateOrganizationSessionPolicy("org_12345", policy);