Hi @Sworna M Dunant, thank you for reaching out.
As far as I know, at_use_nbr is not supported by Azure AD, which is why it is not documented under the Restricted claim set or the Optional claims set, and creating a custom attribute for at_use_nbr won't help.
The best you can do as of now is set the access token lifetime to its minimum value, i.e., 10 minutes. For this purpose, you need to perform the steps below (they use the AzureAD PowerShell module, so run Connect-AzureAD first):
- Connect to your tenant :
Connect-AzureAD
- Create a token lifetime policy (AccessTokenLifetime is hh:mm:ss; 00:10:00 is the 10-minute minimum mentioned above) :
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:10:00"}}') -DisplayName "WebPolicyScenario" -IsOrganizationDefault $false -Type "TokenLifetimePolicy"
- To see your new policy and get the policy ObjectId :
Get-AzureADPolicy -Id $policy.Id
- Assign the policy to your service principal by performing the steps below.
- Get the ID of the service principal :
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '<service principal display name>'"
- Assign the policy to the service principal (the policy is referenced by its Id) :
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
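Worked example added here as an illustration, not part of the answer above or of any Microsoft sample: once the policy is assigned, the practical check is whether a token issued to that service principal actually carries a 10-minute validity window. The script parses the same policy Definition JSON used with New-AzureADPolicy into a TimeSpan, decodes a JWT payload (base64url, no signature validation) and compares exp minus nbf against the policy. The token it decodes is constructed locally with a dummy signature, and the audience, issuer tenant and the function names are all made up for the example, so it runs offline; replace $sampleJwt with a real access token issued to the service principal to test your tenant.

```powershell
# Added example (not from the original answer): verify that a TokenLifetimePolicy's
# AccessTokenLifetime is what an issued access token actually carries.

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments are base64url without padding (RFC 7515).
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-PolicyAccessTokenLifetime {
    # Parses the Definition JSON of a TokenLifetimePolicy (the same string passed to
    # New-AzureADPolicy -Definition, or read back from (Get-AzureADPolicy).Definition[0]).
    param([Parameter(Mandatory)][string]$DefinitionJson)
    [TimeSpan]($DefinitionJson | ConvertFrom-Json).TokenLifetimePolicy.AccessTokenLifetime
}

function Get-JwtLifetime {
    # Decodes the payload only. This measures the validity window; it does NOT validate
    # the token (no signature, issuer or audience check), so use it for diagnostics only.
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWS: expected header.payload.signature' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    [PSCustomObject]@{
        NotBefore       = [DateTimeOffset]::FromUnixTimeSeconds($claims.nbf)
        Expires         = [DateTimeOffset]::FromUnixTimeSeconds($claims.exp)
        LifetimeSeconds = [int]($claims.exp - $claims.nbf)   # the window the policy governs
    }
}

function Test-TokenLifetimeMatchesPolicy {
    # $true when exp - nbf equals the policy value, within a small tolerance for rounding.
    param(
        [Parameter(Mandatory)][string]$Jwt,
        [Parameter(Mandatory)][TimeSpan]$Expected,
        [int]$ToleranceSeconds = 5
    )
    $actual = (Get-JwtLifetime -Jwt $Jwt).LifetimeSeconds
    [Math]::Abs($actual - $Expected.TotalSeconds) -le $ToleranceSeconds
}

# --- Constructed sample data (not a real Azure AD token; values are placeholders) ---
$definition = '{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"00:10:00"}}'
$expected   = Get-PolicyAccessTokenLifetime -DefinitionJson $definition    # 00:10:00

$now     = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
$header  = ConvertTo-Base64Url '{"typ":"JWT","alg":"RS256"}'
$payload = ConvertTo-Base64Url (@{
    aud = 'api://contoso-web-api'                                             # hypothetical audience
    iss = 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/'     # placeholder tenant
    iat = $now
    nbf = $now
    exp = $now + 600                                                          # 10-minute window
} | ConvertTo-Json -Compress)
$sampleJwt = ($header, $payload, 'dummy-signature') -join '.'

if (Test-TokenLifetimeMatchesPolicy -Jwt $sampleJwt -Expected $expected) {
    "Token lifetime matches policy ($($expected.TotalMinutes) minutes)"
} else {
    "Token lifetime differs from policy: $((Get-JwtLifetime $sampleJwt).LifetimeSeconds) s"
}
```

To test a real tenant, run the policy steps from the answer, request an access token as the service principal the way the application normally does, and pass that token as $Jwt. A mismatch usually means the policy was created but not assigned to this service principal (Add-AzureADServicePrincipalPolicy) or the token was issued before the assignment; cached tokens keep their original exp until they are refreshed.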