Hello,
Let’s look into the token expiration settings for Single Sign-On (SSO).
- Microsoft Identity Platform (Azure AD):
  - By default, the lifetime of tokens issued by the Microsoft identity platform (such as access tokens, SAML tokens, or ID tokens) is 60 minutes [1].
  - The minimum token lifetime is 5 minutes, and the maximum is 1,440 minutes (24 hours) [1].
  - If your application has been granted the `offline_access` scope, the refresh token lifetime is 14 days [1].
  - However, you can customize these token lifetimes based on your organization’s needs.
  - To configure token lifetime policies, you can use PowerShell commands or make HTTP requests to the Microsoft Graph API [2].
  - For example, you can create a policy that extends the lifetime of access/ID tokens for a specific app or service principal. You can set the lifetime to a desired duration (e.g., 4 hours or 8 hours) using the appropriate commands or API calls [2].
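
The Microsoft Graph route mentioned in the reply above, sketched as an added example that is not part of the original post: it builds, without sending, the request that creates a token lifetime policy and the request that assigns it to one application, rejecting lifetimes outside the bounds the reply gives. The helper names and placeholder IDs are hypothetical, and the zero-padded `[d.]hh:mm:ss` duration format is an assumption.

```python
import json

# Bounds in minutes as stated in the reply above; check them against your tenant's documentation.
MIN_MINUTES = 5
MAX_MINUTES = 1440
GRAPH = "https://graph.microsoft.com/v1.0"


def to_timespan(minutes: int) -> str:
    """Format minutes as a .NET-style TimeSpan string ([d.]hh:mm:ss); format is an assumption."""
    days, rem = divmod(minutes, 1440)
    hours, mins = divmod(rem, 60)
    hms = f"{hours:02d}:{mins:02d}:00"
    return f"{days}.{hms}" if days else hms


def build_policy_request(display_name: str, minutes: int) -> dict:
    """Return the request that creates a tokenLifetimePolicy, without sending it."""
    if isinstance(minutes, bool) or not isinstance(minutes, int):
        raise TypeError("minutes must be an integer")
    if not MIN_MINUTES <= minutes <= MAX_MINUTES:
        raise ValueError(f"lifetime {minutes} min outside {MIN_MINUTES}-{MAX_MINUTES}")
    # The policy definition is itself a JSON document carried as a string
    # inside the outer JSON body, so it is serialised separately.
    definition = json.dumps(
        {"TokenLifetimePolicy": {"Version": 1, "AccessTokenLifetime": to_timespan(minutes)}},
        separators=(",", ":"),
    )
    return {
        "method": "POST",
        "url": f"{GRAPH}/policies/tokenLifetimePolicies",
        "body": {
            "displayName": display_name,
            "definition": [definition],
            "isOrganizationDefault": False,  # applies only where explicitly assigned
        },
    }


def build_assignment_request(app_object_id: str, policy_id: str) -> dict:
    """Return the request that attaches an existing policy to one application."""
    return {
        "method": "POST",
        "url": f"{GRAPH}/applications/{app_object_id}/tokenLifetimePolicies/$ref",
        "body": {"@odata.id": f"{GRAPH}/policies/tokenLifetimePolicies/{policy_id}"},
    }


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(json.dumps(build_policy_request("Example 8h access tokens", 480), indent=2))
    print(json.dumps(build_assignment_request("<app-object-id>", "<policy-id>"), indent=2))
```

Keeping `isOrganizationDefault` false and assigning the policy per application limits the longer-lived tokens to the apps that need them.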