tokenLifetimePolicy resource type

Namespace: microsoft.graph

Represents a policy that can control the lifetime of a JWT access token, an ID token or a SAML 1.1/2.0 token issued by Azure Active Directory (Azure AD). You can set token lifetimes for all apps in your organization, for a multi-tenant (multi-organization) application, or for a specific service principal in your organization.

Note: Configuring this policy for Refresh Tokens and Session Tokens is not supported.

Inherits from stsPolicy.


Method Return Type Description
List tokenLifetimePolicies tokenLifetimePolicy Read properties and relationships of tokenLifetimePolicies objects.
Create tokenLifetimePolicy tokenLifetimePolicy Create a tokenLifetimePolicy object.
Get tokenLifetimePolicy tokenLifetimePolicy Read properties and relationships of a tokenLifetimePolicy object.
Update tokenLifetimePolicy None Update a tokenLifetimePolicy object.
Delete tokenLifetimePolicy None Delete a tokenLifetimePolicy object.
List appliesTo directoryObject collection Get the list of directoryObjects that this policy has been applied to.
Assign tokenLifetimePolicy None Assign a tokenLifetimePolicy object to an application or servicePrincipal object.
List assigned tokenLifetimePolicy tokenLifetimePolicy collection List the tokenLifetimePolicy objects that are assigned to an application or servicePrincipal object.
Remove tokenLifetimePolicy None Remove a tokenLifetimePolicy object from an application or servicePrincipal object.


Property Type Description
definition String collection A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required.
description String Description for this policy.
displayName String Display name for this policy. Required.
id String Unique identifier for this policy. Read-only.
isOrganizationDefault Boolean If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.

Properties of a token lifetime policy definition

The properties below form the JSON object that represents a token lifetime policy. This JSON object must be converted to a string with quotations escaped to be inserted into the definition property. An example is shown below in JSON format:

"definition": [

Note: All time durations in these properties are specified in the format "dd.hh:mm:ss".

Note: Max values for properties denoted in "days" are 1 second short of the denoted number of days. For example, the max value of 1 days is specified as "23:59:59".

Property Type Description Min Value Max Value Default Value
AccessTokenLifetime String Controls how long both access and ID tokens are considered valid. 10 minutes 1 day 1 hour
Version Integer Set value of 1. Required. None None None


Relationship Type Description
appliesTo directoryObject collection The directoryObject collection that this policy has been applied to. Read-only.

JSON representation

The following is a JSON representation of the resource.

  "definition": ["String"],
  "description": "String",
  "displayName": "String",
  "id": "String (identifier)",
  "isOrganizationDefault": true,