Hello Tanul,
Welcome to Microsoft Q&A , thankyou for posting your query here.
1.Azure AD has a setting called Token Lifetime policies.
You can configure token lifetimes in the Azure portal.
Go to the Azure portal.
In "Azure Active Directory" > "Security" > "Authentication methods" > "Authentication methods blade" > "Token Lifetime Policies".
you can configure the lifetime of access tokens, refresh tokens, and ID tokens.
It may impact other applications so be cautious while adjusting these values.
2.you can use the --device-code-validity
flag with the az aks get-credentials
command. This flag specifies the duration (in seconds) for which the device code is valid. This will generate a new device code and ask the user to authenticate their device again after 24 hours.
az aks get-credentials --resource-group <resource-group-name> --name <cluster-name> --device-code --device-code-validity 8640
Hope this helps you. Please accept the answer if it is helpful else post your error/query here give more detailed answer thankyou.
Change device authorization token expiration time in AKS AD RBAC authentication
Tanul
1,291
Reputation points
We have setup AKS with Azure AD authentication with Kubernetes RBAC
type. After spinning, kubectl command asked for device login only for the first time via this url https://microsoft.com/devicelogin.
But, it's been many months it is not asking this anymore. Is there any way to change the expiration interval of the token so that after every 1 day kubectl command will ask users to authorize their devices again.
Azure Kubernetes Service
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,450 questions
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Accepted answer
-
Anveshreddy Nimmala 3,550 Reputation points Microsoft External Staff Moderator
2024-01-18T01:30:16.0833333+00:00