configuring Session Token , Refresh Token Timeout of an Azure AD app

Subramanyam k 251 Reputation points
2020-07-03T13:04:47.697+00:00

Hi ,

We have followed the URL "https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes" and used the
command-

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"02:00:00","MaxAgeSessionSingleFactor":"02:00:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"  

to create the session timeout . We are getting the below error.

How can we configure the session timeout for a particular Azure AD Application

Error:

New-AzureADPolicy : Error occurred while executing NewPolicy
Code: Request_BadRequest
Message: Configure Token Lifetime for RT/ST (Refresh/Session Token) has been retired on May 30, 2020. New policy cannot be created anymore. Refer
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes for more information
InnerError:
RequestId: c535e85f-30b3-47a0-9be0-4e271b2a5139
DateTimeStamp: Fri, 03 Jul 2020 12:56:49 GMT
HttpStatusCode: BadRequest
HttpStatusDescription: Bad Request
HttpResponseStatus: Completed
At line:1 char:1

  • New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [New-AzureADPolicy], ApiException
  • FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewPolicy
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,686 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,506 Reputation points
    2020-07-03T13:49:10.447+00:00

    Hi @Subramanyamk-9132

    Configurable token lifetime feature is now replaced with Conditional Access Session Management as mentioned in the warning at below link:

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime#configuring-authentication-session-controls

    You need to create a conditional access policy with the required users and application for which you want to configure these limits. For more details, please refer to above link.


    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.


0 additional answers

Sort by: Most helpful