KishoreK-8576 asked

How to auto sign out a web app from B2B Azure AD authentication v2 OpenID Connect implemented in .NET Framework in 15 mins?

I have been working on a web app with single sign-on AD authentication v2 with OpenID Connect in .NET Framework. Every time I try to sign out, the 'Which account do you want to sign out of?' page comes up to select an account even if one account is logged in. It prevents auto sign-out in 15 mins. I have tried 'ExpireTimeSpan' in CookieAuthenticationOptions in startup.auth.cs, and it re-logs in without a password. I have also tried deleting cookies and session and providing login_hint in sign-out, but it didn't log out completely.

I have also tried to set Conditional Access in the Azure portal, but its minimum timeout is 1 hr and it's not based on inactivity.

Please provide me with mechanisms to sign out completely in 15 mins using Azure AD OpenID authentication v2 in .NET Framework so that users need to provide a password after 15 mins of inactivity. (Attachment: 34895-signout-accounts.jpg)


azure-webapps azure-ad-authentication

1 Answer

amanpreetsingh-msft answered

Hello @KishoreK-8576, welcome to the Q&A platform and thanks for your query.

This can be configured by using the Sign-in frequency feature in a Conditional Access policy. Unfortunately, you can't set it to 15 minutes, as the minimum frequency that can be set is 1 hour, after which the user would be required to sign in again. The maximum value can be 365 days.


Read More: Sign-in frequency control


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hi @amanpreetsingh-msft,

Thanks for the reply. I have tried the above, but it is 1 hr, and I need sign-out to happen after 15 mins of inactivity. Is there any other way to achieve this, like programmatically? I have tried many things, but they didn't work for the v2 authentication.


Hello @KishoreK-8576, the suggested option is setting sign-in frequency for this purpose, as starting February 1, 2021 this will be the only available option. As of now, you can use token lifetime policies as documented here by setting MaxInactiveTime, where the minimum value can be 10 minutes. However, tenants will no longer be able to configure refresh and session token lifetimes using this option after January 30, 2021.


Hi @amanpreetsingh-msft ,
Is there any way to remove the 'Which account do you want to sign out of?' prompt (as per the attachment) when we trigger the sign-out from the program? Is there any configuration available to remove the prompt?
