Question on leveraging Client Connector with O365 Conditional Access/MFA

Hey -

Currently planning a deployment of the ZScaler Client Connector and have embedded integration with AzureAD SSO SAML.

Once the app is installed on a machine and the user has logged in/authenticated for the first time, does anybody know if this eventually “times out” or prompts for re-authentication? We leverage conditional access policies so just wondering whether the user would ever be prompted to fully re-authenticate via Microsoft (assuming they did not log out of the app).

Thanks!