jclar
Staff
Article Id 327005
Description

This article describes which setting takes precedence when an authentication timeout is set both on a user group and in the global setting.

Scope

FortiGate.
Solution

There are two ways to set the authentication timeout for users when logging in. By default, in the global user setting under User & Authentication -> Authentication Settings, auth-timeout is set to 5 minutes.

 

GUI:

 

Global user authentication settings.png

 

CLI:

 

GUI Global user auth settings.png

 

The command diag firewall auth list shows the details of each user’s authentication. It reflects the 'Firewall users' dashboard, but provides more details on the CLI. If a filter for a certain user or IP is needed, use grep. For example, diag firewall auth list | grep -A 7 -i <user or IP>.
In the sample below, expired and allow-idle were both 300 (in seconds), which matches the default authentication timeout of 5 minutes.

 

 diag_global.png

 

It is also possible to set the authentication timeout per user group. The default authtimeout setting for each user group is 0, which means that the group follows the timeout set in the global user authentication setting shown above.

 

Default setting: 

 

User_group.png

 

In this scenario, a separate user group was created with authtimeout set to 1 minute.

 

Authtimeout_1.png

 

The auth list now shows that the expiration and allow-idle times have changed to follow the authtimeout set on the user group. A non-zero authtimeout on the user group therefore takes precedence over the global setting.

 

diagauth_user.png
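
The precedence rule above, as an added example that is not part of the original article: a Python script that parses diag firewall auth list output and checks each session's allow-idle (seconds) against the timeout that should apply (group authtimeout in minutes if non-zero, otherwise the global value). The sample output, its field layout (including the field name expire), the group names and the one-group-per-session simplification are constructed assumptions.

```python
import re

# Constructed sample of 'diag firewall auth list' output; the layout is an
# assumption for this example and was not copied from the article's screenshots.
SAMPLE = """\
10.0.1.10, alice
        type: fw, id: 0, duration: 12, idled: 12
        expire: 288, allow-idle: 300
        flag(30): fw
        group_id: 2
        group_name: default-group

10.0.1.20, bob
        type: fw, id: 0, duration: 5, idled: 5
        expire: 55, allow-idle: 60
        flag(30): fw
        group_id: 3
        group_name: short-group
"""

GLOBAL_AUTH_TIMEOUT_MIN = 5  # global auth-timeout (minutes), the default
GROUP_AUTHTIMEOUT_MIN = {"default-group": 0, "short-group": 1}  # hypothetical groups

ENTRY = re.compile(r"^(\S+), (\S+)\s*$")  # unindented "<ip>, <user>" header line

def parse_auth_list(text):
    """Return one dict per session: ip, user, plus every 'key: value' field."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cur = {"ip": m.group(1), "user": m.group(2)}
            entries.append(cur)
        elif cur is not None:
            cur.update(re.findall(r"([\w-]+): ([^,]+)", line.strip()))
    return entries

def effective_timeout_s(group):
    # authtimeout 0 (or an unknown group) means "follow the global setting".
    minutes = GROUP_AUTHTIMEOUT_MIN.get(group, 0) or GLOBAL_AUTH_TIMEOUT_MIN
    return minutes * 60  # settings are in minutes, the auth list is in seconds

def audit(text):
    """Rows of (user, group, allow_idle_s, expected_s, matches)."""
    rows = []
    for e in parse_auth_list(text):
        want, got = effective_timeout_s(e.get("group_name", "")), int(e["allow-idle"])
        rows.append((e["user"], e.get("group_name", ""), got, want, got == want))
    return rows
```

A row whose last field is False points at a session that is not using the timeout its group configuration implies, for example one authenticated before the group setting was changed.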