diff --git a/cmd/login.go b/cmd/login.go
index fd0b9780..6ed78b3e 100644
--- a/cmd/login.go
+++ b/cmd/login.go
@@ -6,6 +6,8 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"os"
+	"time"
 
 	"github.com/99designs/keyring"
 	analytics "github.com/segmentio/analytics-go"
@@ -16,9 +18,10 @@ import (
 
 // loginCmd represents the login command
 var loginCmd = &cobra.Command{
-	Use:   "login <profile>",
-	Short: "login will authenticate you through okta and allow you to access your AWS environment through a browser",
-	RunE:  loginRun,
+	Use:    "login <profile>",
+	Short:  "login will authenticate you through okta and allow you to access your AWS environment through a browser",
+	RunE:   loginRun,
+	PreRun: loginPre,
 }
 
 // Stdout is the bool for -stdout
@@ -27,6 +30,18 @@ var Stdout bool
 func init() {
 	RootCmd.AddCommand(loginCmd)
 	loginCmd.Flags().BoolVarP(&Stdout, "stdout", "", false, "Print login URL to stdout instead of opening in default browser")
+	loginCmd.Flags().DurationVarP(&sessionTTL, "session-ttl", "t", time.Hour, "Expiration time for okta role session")
+	loginCmd.Flags().DurationVarP(&assumeRoleTTL, "assume-role-ttl", "a", time.Hour, "Expiration time for assumed role")
+}
+
+func loginPre(cmd *cobra.Command, args []string) {
+	if err := loadDurationFlagFromEnv(cmd, "session-ttl", "AWS_SESSION_TTL", &sessionTTL); err != nil {
+		fmt.Fprintln(os.Stderr, "warning: failed to parse duration from AWS_SESSION_TTL")
+	}
+
+	if err := loadDurationFlagFromEnv(cmd, "assume-role-ttl", "AWS_ASSUME_ROLE_TTL", &assumeRoleTTL); err != nil {
+		fmt.Fprintln(os.Stderr, "warning: failed to parse duration from AWS_ASSUME_ROLE_TTL")
+	}
 }
 
 func loginRun(cmd *cobra.Command, args []string) error {
diff --git a/lib/provider.go b/lib/provider.go
index 48dacd50..2638d3cd 100644
--- a/lib/provider.go
+++ b/lib/provider.go
@@ -18,7 +18,7 @@ const (
 	MaxSessionDuration    = time.Hour * 36
 	MinSessionDuration    = time.Minute * 15
 	MinAssumeRoleDuration = time.Minute * 15
-	MaxAssumeRoleDuration = time.Hour
+	MaxAssumeRoleDuration = time.Hour * 12
 
 	DefaultSessionDuration    = time.Hour * 4
 	DefaultAssumeRoleDuration = time.Minute * 15