Shorter Token Expiry

Using Google for the identity provider I see the shortest token expiry configurable is 3 days. Can this be reduced with an Enterprise Contract or custom, direct SAML/OIDC federation?

Emaling can reduce it as low as 24 hours.

It is generally unpleasant to use, as reauthentication notifications occur frequently, but can be done.