...
Refresh tokens are not enabled by default. However, it is possible to submit a support request for HIMSA to allow the use of refresh tokens for a specific app: https://himsanoah.atlassian.net/servicedesk/customer/portal/1/group/1/create/15
Logging off
In case a user only set up 1 account and that account is of type single sign-on, logging off will redirect the user directly to the login page. In that case it will not be possible to set up a different account.
We suggest to redirect to the account selection page of the IdP after successfully logging off. It is then important to include "forcechoose" in the query string (with any value).