diff --git a/BINARYBEACHIO.md b/BINARYBEACHIO.md index 7b2e611dd..1ed428a13 100644 --- a/BINARYBEACHIO.md +++ b/BINARYBEACHIO.md @@ -53,6 +53,12 @@ Files **not** changed (deliberately): - `apps/admin/...` — god-mode UI still says "GitHub" provider; only the operator (us) sees it, not worth the patch surface. - `apps/space/...` — public sharing site OAuth, not a priority for v1. +## Cross-fork conventions adopted + +This fork pulls in binarybeachio's [session lifecycle convention](https://git.binarybeach.io/binarybeach/binarybeachio-platform/src/branch/main/docs/features/session-lifecycle.md) — 15-min idle timeout, slide-on-activity. Applied automatically by `bootstrap.py` at deploy. To override for this fork specifically, set `SESSION_COOKIE_AGE` / `ADMIN_SESSION_COOKIE_AGE` / `SESSION_SAVE_EVERY_REQUEST` in `infrastructure/plane/.env` over in the binarybeachio repo (per-app .env beats convention). + +Local-test stack (`docker-compose.bb-local.yml`) hard-codes the same values inline since cross-repo file references in compose are awkward; this is a documented, accepted small duplication. + ## Required runtime config Set these env vars on the patched `plane-backend` container (binarybeachio sets them in `infrastructure/plane/.env`): diff --git a/apps/api/plane/authentication/provider/oauth/github.py b/apps/api/plane/authentication/provider/oauth/github.py index a81ecc33f..b98f54fc6 100644 --- a/apps/api/plane/authentication/provider/oauth/github.py +++ b/apps/api/plane/authentication/provider/oauth/github.py 
@@ -111,8 +111,19 @@ class GitHubOAuthProvider(OauthAdapter):
 "state": state,
 }
 # OIDC requires response_type=code; GitHub OAuth tolerates it.
+ # `prompt=select_account` makes Zitadel show its account chooser even
+ # when only one session exists — the user explicitly chooses which
+ # identity to use rather than being silently passed through. Without
+ # this, the OIDC default is "session exists → log in immediately,"
+ # which is technically correct SSO but is an unfamiliar UX coming
+ # from Google/GitHub style flows that always show a picker.
+ # Override per-request by setting `OIDC_PROMPT=` (empty) or another
+ # value (`login` to force re-auth, `consent` to force consent screen).
 if os.environ.get("ZITADEL_DOMAIN"):
 url_params["response_type"] = "code"
+ prompt = os.environ.get("OIDC_PROMPT", "select_account")
+ if prompt:
+ url_params["prompt"] = prompt
 auth_url = f"{self._auth_url_base}?{urlencode(url_params)}"
 super().__init__(
 request,
diff --git a/apps/web/app/assets/logos/binarybeach-logo.png b/apps/web/app/assets/logos/binarybeach-logo.png
new file mode 100644
index 000000000..82c7736fa
Binary files /dev/null and b/apps/web/app/assets/logos/binarybeach-logo.png differ
diff --git a/apps/web/core/hooks/oauth/core.tsx b/apps/web/core/hooks/oauth/core.tsx
index 1c280e173..bfc7d7ba4 100644
--- a/apps/web/core/hooks/oauth/core.tsx
+++ b/apps/web/core/hooks/oauth/core.tsx
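Review bot: The added comment says `OIDC_PROMPT` can be overridden "per-request", but `os.environ.get("OIDC_PROMPT", "select_account")` reads process-level configuration, so the setting applies to every login this deployment serves; `# Override per deployment by setting OIDC_PROMPT= (empty) or another value` would be accurate. The value also goes into `url_params["prompt"]` unchecked, so a typo or `none` reaches Zitadel as-is; comparing it with the values OIDC defines (`none`, `login`, `consent`, `select_account`) and falling back to the default would make a misconfiguration visible. If operators set `login` expecting forced re-authentication, the callback would need to check `auth_time` for that to be enforced rather than merely requested; the callback is not in this hunk, so this may already be handled. The enclosing `__init__` starts and ends outside the hunk.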
@@ -11,8 +11,9 @@ import { API_BASE_URL } from "@plane/constants"; import type { TOAuthConfigs, TOAuthOption } from "@plane/types"; // assets import giteaLogo from "@/app/assets/logos/gitea-logo.svg?url"; -import GithubLightLogo from "@/app/assets/logos/github-black.png?url"; -import GithubDarkLogo from "@/app/assets/logos/github-dark.svg?url"; +// binarybeachio fork: swapped GitHub logo imports for our brand logo. Same +// asset for light and dark theme (the orange/teal palette reads on both). +import BinarybeachLogo from "@/app/assets/logos/binarybeach-logo.png?url"; import gitlabLogo from "@/app/assets/logos/gitlab-logo.svg?url"; import googleLogo from "@/app/assets/logos/google-logo.svg?url"; // hooks @@ -51,15 +52,8 @@ export const useCoreOAuthConfig = (oauthActionText: string): TOAuthConfigs => { // Zitadel — see provider/oauth/github.py). Branding is rebranded here; // backend identifiers (route, env vars, DB provider key) stay "github". id: "github", - text: `${oauthActionText} with binarybeach.io`, - icon: ( - binarybeach.io SSO - ), + text: `${oauthActionText} with BinaryBeach.io`, + icon: Binary Beach, onClick: () => { window.location.assign(`${API_BASE_URL}/auth/github/${next_path ? `?next_path=${next_path}` : ``}`); }, diff --git a/docker-compose.bb-local.yml b/docker-compose.bb-local.yml index 9a0f183d0..f243a43a0 100644 --- a/docker-compose.bb-local.yml +++ b/docker-compose.bb-local.yml @@ -99,6 +99,11 @@ x-app-env: &app-env ZITADEL_DOMAIN: ${ZITADEL_DOMAIN:-auth.binarybeach.io} GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID} GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET} + # === binarybeachio session-lifecycle convention (15 min idle, slide-on-activity) === + # Canonical: binarybeachio/infrastructure/_shared/.env.session-convention + SESSION_COOKIE_AGE: ${SESSION_COOKIE_AGE:-900} + ADMIN_SESSION_COOKIE_AGE: ${ADMIN_SESSION_COOKIE_AGE:-900} + SESSION_SAVE_EVERY_REQUEST: ${SESSION_SAVE_EVERY_REQUEST:-1} services: api:
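Review bot: The three `SESSION_*` defaults added to `x-app-env` in `docker-compose.bb-local.yml` give an idle timeout only: with `SESSION_SAVE_EVERY_REQUEST` defaulting to `1`, every request pushes the 900-second expiry forward, and nothing visible in this hunk caps the total session lifetime. A copied session cookie that keeps being used would therefore stay valid, and background polling by the web app, if there is any, would keep an unattended tab signed in. I would state that next to the values, e.g. `# Idle timeout only: no absolute session lifetime is set here; any request, including background polling, extends the session.` The `x-app-env` block starts above the hunk, and how the backend parses `1` for `SESSION_SAVE_EVERY_REQUEST` is not visible here.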