WARP session re-authentication flow

What’s the intended UX for the re-authentication of WARP sessions? I only see a browser error when a network policy requires re-authentication. My understanding is that you then have to go to WARP client preferences → Account → Re-authenticate Session. Is that correct? It seems a bit clunky to me as it requires educating all users on what to do as a troubleshooting step in case network access suddenly doesn’t work anymore.