diff --git a/deploy/helm-chart/chart/gateway/templates/secret-configs.yaml b/deploy/helm-chart/chart/gateway/templates/secret-configs.yaml
index 5da706166..e46d5fa98 100644
--- a/deploy/helm-chart/chart/gateway/templates/secret-configs.yaml
+++ b/deploy/helm-chart/chart/gateway/templates/secret-configs.yaml
@@ -48,3 +48,4 @@ stringData:
   PLUGIN_INDEX_PATH: '{{ .Values.config.PLUGIN_INDEX_PATH | default "/opt/hoop/sessions/indexes" }}'
   WEBAPP_USERS_MANAGEMENT: '{{ .Values.config.WEBAPP_USERS_MANAGEMENT }}'
   ANALYTICS_TRACKING: '{{ .Values.config.ANALYTICS_TRACKING | default "enabled" }}'
+  MAX_ACCESS_DURATION_HOURS: '{{ .Values.config.MAX_ACCESS_DURATION_HOURS | default "48" }}'
diff --git a/deploy/helm-chart/chart/gateway/values.yaml b/deploy/helm-chart/chart/gateway/values.yaml
index 432edb97d..6ba191504 100644
--- a/deploy/helm-chart/chart/gateway/values.yaml
+++ b/deploy/helm-chart/chart/gateway/values.yaml
@@ -44,6 +44,7 @@ config:
   # GOOGLE_APPLICATION_CREDENTIALS_JSON: ''
   # PLUGIN_AUDIT_PATH: ''
   # PLUGIN_INDEX_PATH: ''
+  # MAX_ACCESS_DURATION_HOURS: '48'
 
 mainService:
   # -- Annotations to add in the main service
diff --git a/gateway/transport/plugins/review/review.go b/gateway/transport/plugins/review/review.go
index 1c9640dd6..63782890b 100644
--- a/gateway/transport/plugins/review/review.go
+++ b/gateway/transport/plugins/review/review.go
@@ -5,6 +5,8 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
+	"os"
+	"strconv"
 	"strings"
 	"time"
 
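Review bot: The added `MAX_ACCESS_DURATION_HOURS` entry hard-codes the `48` default a second time, alongside the `return 48` fallback in review.go, so the two can drift silently the next time either is changed. Since the Go side already treats an empty value as "use the default", the template can render the value unconditionally and leave the single source of truth in code: `MAX_ACCESS_DURATION_HOURS: '{{ .Values.config.MAX_ACCESS_DURATION_HOURS }}'`. If the helm default is kept on purpose, the commented example in values.yaml should say that only positive integers are honoured and anything else falls back to 48.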
@@ -98,10 +100,11 @@ func (p *reviewPlugin) OnReceive(pctx plugintypes.Context, pkt *pb.Packet) (*plu
 			reviewType = models.ReviewTypeJit
 			accessDuration, err = time.ParseDuration(string(durationStr))
 			if err != nil {
-				return nil, plugintypes.InvalidArgument("invalid access time duration, got=%v", string(durationStr))
+				return nil, plugintypes.InvalidArgument("invalid access session duration, got=%v", string(durationStr))
 			}
-			if accessDuration.Hours() > 48 {
-				return nil, plugintypes.InvalidArgument("jit access input must not be greater than 48 hours")
+			maxAccessDurationHours := getMaxAccessDurationHours()
+			if accessDuration.Hours() > float64(maxAccessDurationHours) {
+				return nil, plugintypes.InvalidArgument("access session duration must not be greater than %d hours", maxAccessDurationHours)
 			}
 		}
 
@@ -205,3 +208,12 @@ func validateJit(jit *models.ReviewJit, t time.Time) error {
 	}
 	return nil
 }
+
+func getMaxAccessDurationHours() int64 {
+	if v := os.Getenv("MAX_ACCESS_DURATION_HOURS"); v != "" {
+		if n, err := strconv.ParseInt(v, 10, 64); err == nil && n > 0 {
+			return n
+		}
+	}
+	return 48
+}
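Review bot: `getMaxAccessDurationHours` silently falls back to 48 when `MAX_ACCESS_DURATION_HOURS` is set but is not a positive integer (a typo, `0`, a negative value, or a value with a unit suffix), so a deployment that meant to tighten the cap ends up enforcing the default without any signal in the logs. The value is also read and re-parsed from the environment on every call from OnReceive (earlier hunk, whose enclosing function starts and ends outside the hunk); parsing it once at startup into a package-level variable and surfacing the parse failure, or at least logging that the fallback was taken, would make the misconfiguration visible. There is no upper bound either, so any large positive value effectively disables the cap — worth stating in the docs if that is intended. The helper also lacks a doc comment; I would add `// getMaxAccessDurationHours returns the cap on JIT access duration in hours: the positive integer in MAX_ACCESS_DURATION_HOURS, or 48 when it is unset or not a positive integer.` above it.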