APM does offer the ability to inject a timeout pop-up into a 3rd party web app, but this feature is part of Portal Access Rewrite, which we don't recommend using for most web apps due to compatibility problems with obfuscated and minified modern web app frameworks.
Because APM can't really "inject pop-up screens" into 3rd party web apps with reasonable reliability, how would you like the system to behave? We have full control over all HTTP requests and responses, so we can redirect users or modify the APM "Your session is timed out" screen.