
Changing Default Token Expiration for Azure AD

To change the default access token lifetime for an application that authenticates against Azure AD, create a token lifetime policy and assign it to the application's service principal. The steps are as follows.

First, if you haven't yet, install the AzureADPreview PowerShell module (note that the AzureAD and AzureADPreview modules have since been deprecated by Microsoft in favour of Microsoft Graph PowerShell; the cmdlets below still describe the procedure):

Install-Module AzureADPreview

Now connect to Azure AD using an account that is allowed to manage App Registrations and directory policies:

Connect-AzureAD

After that, list the policies that already exist in the tenant and delete any token lifetime policy you are replacing. Filter on the TokenLifetimePolicy type: the tenant may also hold other policy types (claims mapping, home realm discovery and so on), and those should be left alone.

After that, create a new policy (this one sets the access token lifetime to 30 minutes as an example; AccessTokenLifetime must be between 10 minutes and 1 day):

$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:30:00","MaxAgeSessionSingleFactor":"00:30:00"}}') -DisplayName "CustomPolicy" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"

Only AccessTokenLifetime is honoured: the refresh and session token properties of this policy type (MaxAgeSessionSingleFactor among them) were retired by Microsoft and are ignored, so the 30-minute session value above has no effect. Session and sign-in frequency are controlled through Conditional Access instead.

And apply that policy to the service principal tied to the Azure AD integration:

$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '<service principal display name>'"

Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

Now verify that the policy is attached to the service principal, and confirm on a freshly issued access token that exp minus iat matches the new lifetime. Tokens issued before the assignment keep their original expiry, so a cached token will not show the change.
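The whole procedure in one script, as an added example (this is not code from the original post). It assumes a service principal display name of 'My App' and the policy name 'CustomPolicy'; both are placeholders to replace. It also adds the two checks a practitioner wants: that the policy is actually attached, and that a newly issued token carries the shorter lifetime.

```powershell
# Added example, not code from the original post: the whole procedure in one
# script using the AzureADPreview module. Assumptions (not in the original):
# the service principal display name 'My App' and the policy name 'CustomPolicy'.
Install-Module AzureADPreview -Scope CurrentUser    # once per machine
Import-Module AzureADPreview
Connect-AzureAD                                      # account that may manage policies

$spName     = 'My App'      # assumed; use the display name of your integration's SP
$policyName = 'CustomPolicy'
$lifetime   = '00:30:00'    # hh:mm:ss; AccessTokenLifetime must be between 10 minutes and 1 day

$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$spName'"
if (-not $sp) { throw "No service principal named '$spName'" }
if (@($sp).Count -gt 1) { throw "Display name '$spName' is ambiguous; filter on AppId instead" }

# 1. Inspect existing policies. Get-AzureADPolicy returns every policy type in the
#    tenant; only TokenLifetimePolicy objects matter here, leave the others alone.
$existing = Get-AzureADPolicy | Where-Object { $_.Type -eq 'TokenLifetimePolicy' }
$existing | Format-Table Id, DisplayName, IsOrganizationDefault, Definition -AutoSize

# 2. Detach any token lifetime policy already on this SP, then delete the policies
#    you are replacing. The post deletes all of them; narrow this loop if another
#    application in the tenant depends on one of them.
foreach ($old in (Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
                  Where-Object { $_.Type -eq 'TokenLifetimePolicy' })) {
    Remove-AzureADServicePrincipalPolicy -Id $sp.ObjectId -PolicyId $old.Id
}
foreach ($old in $existing) {
    Write-Host "Removing TokenLifetimePolicy '$($old.DisplayName)' ($($old.Id))"
    Remove-AzureADPolicy -Id $old.Id
}

# 3. Create the new policy. Only AccessTokenLifetime is honoured today; the retired
#    session/refresh properties (MaxAgeSession*, MaxInactiveTime, ...) are ignored,
#    so they are left out rather than giving a false sense of control.
$definition = @{
    TokenLifetimePolicy = @{
        Version             = 1
        AccessTokenLifetime = $lifetime
    }
} | ConvertTo-Json -Compress -Depth 3

$policy = New-AzureADPolicy -Definition @($definition) -DisplayName $policyName `
                            -IsOrganizationDefault $false -Type 'TokenLifetimePolicy'

# 4. Attach it to the service principal.
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# 5. Verify the assignment from the directory side.
$assigned = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId
$assigned | Format-Table Id, DisplayName, Type, Definition -AutoSize
if (-not ($assigned | Where-Object { $_.Id -eq $policy.Id })) {
    throw "Policy $($policy.Id) is not attached to '$spName'"
}

# 6. Verify from the token side: decode a freshly issued access token for this app
#    and compare exp - iat with the configured lifetime. Tokens issued before the
#    assignment keep their original expiry, so obtain a new one (sign in again).
function Get-JwtLifetime {
    param([Parameter(Mandatory)][string]$Jwt)
    $payload = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $claims = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) |
              ConvertFrom-Json
    [TimeSpan]::FromSeconds($claims.exp - $claims.iat)   # iat and exp are Unix seconds
}
# Paste a new token into $token, then:
#   (Get-JwtLifetime -Jwt $token).TotalMinutes      # expect roughly 30
```

The policy definition is built with ConvertTo-Json rather than typed as a string so that a typo cannot silently produce a definition Azure AD accepts but does not apply. The JWT check only decodes the payload; it does not validate the signature, and it is only meant to confirm the lifetime of a token you already trust.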

Reference

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
