tokenLifetimePolicy resource type
Namespace: microsoft.graph
Represents a policy that can control the lifetime of a JWT access token, an ID token or a SAML 1.1/2.0 token issued by Azure Active Directory (Azure AD). You can set token lifetimes for all apps in your organization, for a multi-tenant (multi-organization) application, or for a specific service principal in your organization.
Note: Configuring this policy for Refresh Tokens and Session Tokens is not supported.
Inherits from stsPolicy.
Methods
Method | Return Type | Description |
---|---|---|
List tokenLifetimePolicies | tokenLifetimePolicy | Read properties and relationships of tokenLifetimePolicies objects. |
Create tokenLifetimePolicy | tokenLifetimePolicy | Create a tokenLifetimePolicy object. |
Get tokenLifetimePolicy | tokenLifetimePolicy | Read properties and relationships of a tokenLifetimePolicy object. |
Update tokenLifetimePolicy | None | Update a tokenLifetimePolicy object. |
Delete tokenLifetimePolicy | None | Delete a tokenLifetimePolicy object. |
List appliesTo | directoryObject collection | Get the list of directoryObjects that this policy has been applied to. |
Assign tokenLifetimePolicy | None | Assign a tokenLifetimePolicy object to an application or servicePrincipal object. |
List assigned tokenLifetimePolicy | tokenLifetimePolicy collection | List the tokenLifetimePolicy objects that are assigned to an application or servicePrincipal object. |
Remove tokenLifetimePolicy | None | Remove a tokenLifetimePolicy object from an application or servicePrincipal object. |
Properties
Property | Type | Description |
---|---|---|
definition | String collection | A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required. |
description | String | Description for this policy. |
displayName | String | Display name for this policy. Required. |
id | String | Unique identifier for this policy. Read-only. |
isOrganizationDefault | Boolean | If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false. |
Properties of a token lifetime policy definition
The properties below form the JSON object that represents a token lifetime policy. This JSON object must be converted to a string, with its quotation marks escaped, before it is inserted into the definition property. An example is shown below in JSON format:
"definition": [
"{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"8:00:00\"}}"
]
Note: All time durations in these properties are specified in the format "dd.hh:mm:ss".
Note: Max values for properties denoted in "days" are 1 second short of the denoted number of days. For example, the max value of 1 day is specified as "23:59:59".
Property | Type | Description | Min Value | Max Value | Default Value |
---|---|---|---|---|---|
AccessTokenLifetime | String | Controls how long both access and ID tokens are considered valid. | 10 minutes | 1 day | 1 hour |
Version | Integer | Set value of 1. Required. | None | None | None |
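The following Python is an added example, not code from the Microsoft Graph documentation. It validates an AccessTokenLifetime against the bounds in the table above, builds a request body whose definition holds the escaped JSON string, and audits a policy object for lifetimes longer than the 1 hour default. The function names and the audit threshold are assumptions made for illustration.

```python
import json
import re
from datetime import timedelta

# Bounds from the AccessTokenLifetime row and the "1 second short" note above.
MIN_LIFETIME = timedelta(minutes=10)
MAX_LIFETIME = timedelta(hours=23, minutes=59, seconds=59)
_DURATION = re.compile(r"^(?:(\d+)\.)?(\d{1,2}):(\d{2}):(\d{2})$")

def parse_duration(text):
    """Parse a "dd.hh:mm:ss" duration; the day part is optional ("8:00:00")."""
    m = _DURATION.match(text)
    if not m:
        raise ValueError(f"not a dd.hh:mm:ss duration: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    if hours > 23 or minutes > 59 or seconds > 59:
        raise ValueError(f"field out of range in {text!r}")
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def build_policy_body(display_name, access_token_lifetime, org_default=False):
    """Hypothetical helper: request body with definition as an escaped JSON string."""
    lifetime = parse_duration(access_token_lifetime)
    if not MIN_LIFETIME <= lifetime <= MAX_LIFETIME:
        raise ValueError(f"{access_token_lifetime} is outside 10 minutes..23:59:59")
    inner = {"TokenLifetimePolicy": {"Version": 1,
                                     "AccessTokenLifetime": access_token_lifetime}}
    return {
        # json.dumps on the whole body later escapes the inner quotes.
        "definition": [json.dumps(inner, separators=(",", ":"))],
        "displayName": display_name,
        "isOrganizationDefault": org_default,
    }

def audit_policy(policy, threshold=timedelta(hours=1)):
    """Hypothetical check: list lifetimes above threshold (assumed: the 1 hour default)."""
    findings = []
    for raw in policy.get("definition", []):
        rules = json.loads(raw).get("TokenLifetimePolicy", {})
        value = rules.get("AccessTokenLifetime")
        if value and parse_duration(value) > threshold:
            scope = "organization default" if policy.get("isOrganizationDefault") else "assigned"
            findings.append(f"{policy.get('displayName')}: {value} ({scope})")
    return findings

if __name__ == "__main__":
    body = build_policy_body("Constructed 8h policy", "8:00:00", org_default=True)  # constructed sample
    print(json.dumps(body, indent=2))
    print(audit_policy(body))
```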
Relationships
Relationship | Type | Description |
---|---|---|
appliesTo | directoryObject collection | The directoryObject collection that this policy has been applied to. Read-only. |
JSON representation
The following is a JSON representation of the resource.
{
"definition": ["String"],
"description": "String",
"displayName": "String",
"id": "String (identifier)",
"isOrganizationDefault": true
}