Azure SCIM User provisioning - Long lived bearer token standard validity

Ruchi 386 Reputation points
2023-10-17T11:06:31.6733333+00:00

Hi Team,

For our enterprise's user provisioning SCIM application, we are planning to use a long-lived bearer token for application authentication. Could you please suggest the standard approach for the token expiry duration? Is it allowed to generate a never-expiring bearer token?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Danny Zollner 9,871 Reputation points Microsoft Employee
    2023-10-23T18:22:08.4766667+00:00

    For tokens issued by your application for use in accessing the app's SCIM server endpoints, it is allowable to issue non-expiring bearer tokens, or tokens with expiration dates so far in the future that they are functionally non-expiring. This doesn't align with best practices from a security standpoint, however.

    If this is an internal application only used by your company, then right now bearer tokens are your only option. If this is an application intended to be added to the Enterprise App gallery, then I'd instead suggest implementing OAuth 2.0 Authorization Code Grant or Client Credential Grant flows.

    1 person found this answer helpful.

  2. Sandeep G-MSFT 16,696 Reputation points Microsoft Employee
    2023-10-20T09:22:50.3+00:00

    @Ruchi

    Thank you for posting your question in Microsoft Q&A.

    Creating a never-expiring token for an application in Azure is not possible.

    However, you can configure the lifetime for an access token.

    You can refer to the articles below to learn more about the default lifetime of tokens and about configuring token lifetimes:

    https://learn.microsoft.com/en-us/azure/active-directory/develop/configurable-token-lifetimes

    https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

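Relating to the first answer's point that the application itself issues the bearer token used against its SCIM endpoints: the sketch below is an added example, not code from Microsoft or from either answer, showing a SCIM server issuing a token with a fixed expiry, storing only its hash, and rotating it with an overlap window instead of never expiring it. The function names, the in-memory `store`, and the lifetimes in the usage are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

DAY = 86400  # seconds

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(store, ttl_days, now=None):
    """Create a random bearer token; persist only its hash and expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[_digest(token)] = {"expires_at": now + ttl_days * DAY, "revoked": False}
    return token  # shown once, pasted into the provisioning client's secret field

def check_authorization(store, header, now=None):
    """True only for 'Bearer <token>' that is known, unexpired and not revoked."""
    now = time.time() if now is None else now
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return False
    presented = _digest(token.strip())
    ok = False
    for known, meta in store.items():
        # Constant-time comparison of digests; scan every entry regardless of match.
        if hmac.compare_digest(known, presented):
            ok = (not meta["revoked"]) and now < meta["expires_at"]
    return ok

def rotate(store, old_token, ttl_days, overlap_days, now=None):
    """Issue a replacement and cap the old token's remaining life to the overlap."""
    now = time.time() if now is None else now
    new_token = issue_token(store, ttl_days, now)
    old = store.get(_digest(old_token))
    if old:
        old["expires_at"] = min(old["expires_at"], now + overlap_days * DAY)
    return new_token

def revoke(store, token):
    """Immediately invalidate a token, e.g. after suspected disclosure."""
    if _digest(token) in store:
        store[_digest(token)]["revoked"] = True
```

The overlap window lets the administrator update the secret in the provisioning configuration before the old token stops working, so an expiring token does not interrupt provisioning.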