tokenLifetimePolicy resource type
Namespace: microsoft.graph
Represents a policy that can control the lifetime of a JWT access token, an ID token or a SAML 1.1/2.0 token issued by Azure Active Directory (Azure AD). You can set token lifetimes for all apps in your organization, for a multi-tenant (multi-organization) application, or for a specific service principal in your organization.
Note: Configuring this policy for Refresh Tokens and Session Tokens is not supported.
Inherits from stsPolicy.
Methods
| Method | Return Type | Description |
|---|---|---|
| List tokenLifetimePolicies | tokenLifetimePolicy | Read properties and relationships of tokenLifetimePolicies objects. |
| Create tokenLifetimePolicy | tokenLifetimePolicy | Create a tokenLifetimePolicy object. |
| Get tokenLifetimePolicy | tokenLifetimePolicy | Read properties and relationships of a tokenLifetimePolicy object. |
| Update tokenLifetimePolicy | None | Update a tokenLifetimePolicy object. |
| Delete tokenLifetimePolicy | None | Delete a tokenLifetimePolicy object. |
| List appliesTo | directoryObject collection | Get the list of directoryObjects that this policy has been applied to. |
| Assign tokenLifetimePolicy | None | Assign a tokenLifetimePolicy object to an application or servicePrincipal object. |
| List assigned tokenLifetimePolicy | tokenLifetimePolicy collection | List the tokenLifetimePolicy objects that are assigned to an application or servicePrincipal object. |
| Remove tokenLifetimePolicy | None | Remove a tokenLifetimePolicy object from an application or servicePrincipal object. |
Properties
| Property | Type | Description |
|---|---|---|
| definition | String collection | A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required. |
| description | String | Description for this policy. |
| displayName | String | Display name for this policy. Required. |
| id | String | Unique identifier for this policy. Read-only. |
| isOrganizationDefault | Boolean | If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false. |
Properties of a token lifetime policy definition
The properties below form the JSON object that represents a token lifetime policy. This JSON object must be converted to a string with quotations escaped to be inserted into the definition property. An example is shown below in JSON format:
"definition": [
"{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"8:00:00\"}}"
]
Note: All time durations in these properties are specified in the format "dd.hh:mm:ss".
Note: Max values for properties denoted in "days" are 1 second short of the denoted number of days. For example, the max value of 1 days is specified as "23:59:59".
| Property | Type | Description | Min Value | Max Value | Default Value |
|---|---|---|---|---|---|
| AccessTokenLifetime | String | Controls how long both access and ID tokens are considered valid. | 10 minutes | 1 day | 1 hour |
| Version | Integer | Set value of 1. Required. | None | None | None |
Relationships
| Relationship | Type | Description |
|---|---|---|
| appliesTo | directoryObject collection | The directoryObject collection that this policy has been applied to. Read-only. |
JSON representation
The following is a JSON representation of the resource.
{
"definition": ["String"],
"description": "String",
"displayName": "String",
"id": "String (identifier)",
"isOrganizationDefault": true,
}
Feedback
Submit and view feedback for