Compare to https://news.ycombinator.com/item?id=37173339 which has a lot of discussions of similar issues for "modern" security configurations. Just because IT admins can choose to set a short session expiration on your SSO integration for your MDM managed laptop doesn't mean that we should cooperate with them or develop tools to let them do that.