This disclosure describes techniques for authenticating a user device for a session. For instance, an authentication entity may authenticate a user device using single sign-on authentication and/or multi-factor authentication. The authentication entity may then determine a duration for which the user device is authenticated for the session. For example, the authentication entity may receive information representing a state of an environment of the user device. The authentication entity may then use the information to identify one or more transitions associated with the environment between the session and a previous session. Using the one or more transitions, the authentication entity may determine the duration for the session by increasing or decreasing a previous duration associated with the previous session.