Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a policy that can control the lifetime of a JWT access token, an ID token or a SAML 1.1/2.0 token issued by Microsoft Entra ID. You can set token lifetimes for all apps in your organization, for a multitenant application, or for a specific service principal in your organization. For more scenario details, see Configurable token lifetimes in the Microsoft identity platform.
Configuring this policy for refresh tokens and session tokens isn't supported.
Inherits from stsPolicy.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | tokenLifetimePolicy | Read properties and relationships of tokenLifetimePolicies objects. |
| Create | tokenLifetimePolicy | Create a tokenLifetimePolicy object. |
| Get | tokenLifetimePolicy | Read properties and relationships of a tokenLifetimePolicy object. |
| Update | None | Update a tokenLifetimePolicy object. |
| Delete | None | Delete a tokenLifetimePolicy object. |
| List applied to applications | directoryObject collection | Get the list of directoryObjects that this policy has been applied to. |
Properties
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this policy. Read-only. |
| definition | String collection | A string collection containing a JSON string that defines the rules and settings for this policy. For more information about the JSON schema for this property, see Properties of a token lifetime policy definition. Required. |
| displayName | String | Display name for this policy. Required. |
| isOrganizationDefault | Boolean | If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false. |
Properties of a token lifetime policy definition
The following JSON object shows the properties in a token lifetime policy definition property. This JSON object must be converted to a string with quotations escaped to be inserted into the definition property as shown in the example.
"definition": [
"{\"TokenLifetimePolicy\":{\"Version\":1,\"AccessTokenLifetime\":\"8:00:00\"}}"
]
Note
All time durations in these properties are specified in the format "dd.hh:mm:ss". Maximum values for properties denoted in "days" are 1 second short of the denoted number of days. For example, the max value of 1 days is specified as "23:59:59".
| Property | Type | Description | Min Value | Max Value | Default Value |
|---|---|---|---|---|---|
| AccessTokenLifetime | String | Controls how long both access and ID tokens are considered valid. | 10 minutes | 1 day | 1 hour |
| Version | Integer | Set value of 1. Required. | None | None | None |
Relationships
| Relationship | Type | Description |
|---|---|---|
| appliesTo | directoryObject collection | The directoryObject collection that this policy has been applied to. Read-only. |
JSON representation
The following JSON representation shows the resource type.
{
"definition": ["String"],
"displayName": "String",
"id": "String (identifier)",
"isOrganizationDefault": true,
}