The Org Policies around Vault Timeout options are very lacking.
If you set a max timeout, you lose the incredibly insecure option of “Never”, but you also lose very valuable options such as “On Browser Restart”. Since we use Citrix, this option is extremely valuable as people get a new session every day.
If we have the vault timeout policy turned off, users get the option to set the vault timeout to Never. This is incredibly insecure for this to be available to the standard user, who will not care about the warning that is posted when selecting this option.
As an admin, we should have more flexibility with the vault timeout. Options to select custom time intervals would be helpful as well. Ideally, admins would have full control over which options are visible to users.