New in Looker 6.4 is the ability to set login session maximum duration and to disable logins from multiple browsers and devices.
By default, when a user logs into Looker, they are given an option to stay logged in:
The Sessions panel, in the Authentication section of the Admin menu, lets you configure whether users have the option to stay logged in, how long they stay logged in if they don’t choose that option, and whether they can stay logged in from multiple devices.
When a user selects the option to stay logged in, they will be authorized to access Looker for 30 days. When they close and reopen their browser, they can navigate to Looker without being required to log in again.
Disabling Persistent Sessions removes the “Stay logged in” option from the login screen. Users will be automatically logged out after the amount of time specified in the Session Duration section, or whenever they close their browser. This forces users to re-authenticate the next time they access Looker.
By default, when a user does not select the option to stay logged in, their session will expire after 30 minutes. Two minutes before a session expires, the user is given the option to extend the session. If they do not extend their session, their session ends and they are logged out of Looker.
The Session Duration field lets you change the amount of time a user can stay logged in before they will be notified and their session will expire. You can set this value from 5 minutes to 30 days.
By default, users can remain logged in to Looker from multiple browsers and devices simultaneously. Disabling Concurrent Sessions lets you require users to log in from only one browser and device at a time. When Concurrent Sessions is disabled, a user is automatically logged out of any other browser session when they log in from a different browser or device.