In products I have setup with SAML, after first login all remain authenticated through browser session and most persist for some period of time even when the browser has been closed and reopened or the computer rebooted. Some require login after an hour and some don't require a new login for weeks. So, it varies on the auto-logout. If we can't configure it, I would probably prefer shorter for passwordstate.