You want to enable Absolute Session Timeout introduced with DLP 16.0RU1.

The absolute session timeout is used to control the maximum session time that a user can be active. The session is closed and invalidated when the defined absolute period is reached. After the session is invalidated, the user must authenticate again in Enforce and must establish a new session. You can set the limit in the Manager.properties file. This feature is off by default.

16.0RU1 and newer

You need to add to the below line to the Manager.properties and recycle SymantecDLPManagerService to enable it:

com.vontu.manager.absoluteUISessionTimeoutInMinutes = 15

The above setting will cause that each cookie will be terminated after 15 minutes so a user will be logged out. Lack of the setting or value 0 disables the feature.

Enforce Server Features in Data Loss Prevention 16.0.1