We only have one global timeout setting which is for the user portal itself.
Applications that are being federated through the user portal have their own session timeout durations within the application. Some applications, like AWS have a timeout SAML attribute that can be sent to the service provider (SP) that will tell the application when to terminate the session.
This gets even more complicated when there is a SP initiated login, where it has to request the SAML assertion to receive those attributes.
Lastly, JumpCloud does not support SLO at the moment. SLO, allows for user sessions to be logged out when the idP session is terminated. Since we don't support that, all applications the user is logged into will remain logged in as long as the application's session doesn't expire.