This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 88%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Hi,
If i understand correctly, the 'User sign-in frequency' implementation is app dependent and will only be enforced if the app was designed to do so, Is that correct?
If true, Can someone please guide me to documentation on how the 'User sign-in frequency' should be implemented by apps using the Oauth protocol ? I didn't see any flag in the Tokens that can indicate the 'User sign-in frequency' time and the Refresh tokens are valid for much longer than 1 hour(my CA settings), or did i miss something?
Thank You.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 80%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
@CloudMe Configuring sign-in frequency sets an additional cookie called, ASLM (Azure Session Lifecycle Management) which controls this frequency.
AFAIK, if you are using MSAL, then you wouldn't have to do anything additionally.
Thanks for the response.
In the following article: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
it states: we've implemented authentication session management capabilities in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency.
Is this referring then to the Oauth Refresh Tokens, or the ASLM cookie (I'm asking as there is no change in the Refresh Tokens lifetime after implementing the settings). Also, I couldn't find any info regarding the 'ASLM cookie' if possible i would greatly appreciate a link to some documentation.
Thank You !