How to implement longer session expiry in Azure B2C custom policy implementation ?

Ronnie Kapoor 96 Reputation points

Hi Team,

We are using Azure AD B2C custom policies for SSO and we don't want our user to be logged out frequently after a certain period of time and we are using Self asserted policies (and not KMSI) because of custom validations and we need to implement the non expiring session.How can i do that ?

Heads up -

  1. we need session to be non expiring in mobile until it is explicitly logged out by user..
  2. We have separate sign in and sign up policies and separate for mobile as well.

We tried rolling session earlier but we were getting automatically logged in even after logging out which seemed to be an issue but we did not pursue with the approach 100%

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,628 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2020-12-03T18:31:28.85+00:00

    Hello @Ronnie Kapoor , session lifetime can be configured per custom policies. Life time can range from 15 to 720 minutes (12 hours). However this can be extended every time the user performs a cookie-based authentication if the session expire type is set to Rolling (default). For how to configure session in your custom policies please take a look to Configure session behavior using custom policies in Azure Active Directory B2C.. Keep in mind that lifetime applies to web and mobile using webviews for logins.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

    0 comments No comments