question

CloudMe-0421 avatar image
0 Votes"
CloudMe-0421 asked CloudMe-0421 commented

Conditional Access - 'User sign-in frequency' Oauth implementation.

Hi,

If i understand correctly, the 'User sign-in frequency' implementation is app dependent and will only be enforced if the app was designed to do so, Is that correct?

If true, Can someone please guide me to documentation on how the 'User sign-in frequency' should be implemented by apps using the Oauth protocol ? I didn't see any flag in the Tokens that can indicate the 'User sign-in frequency' time and the Refresh tokens are valid for much longer than 1 hour(my CA settings), or did i miss something?

Thank You.




azure-active-directoryazure-ad-conditional-access
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

KAREDD-MSFT avatar image
1 Vote"
KAREDD-MSFT answered CloudMe-0421 commented

@CloudMe-0421 Configuring sign-in frequency sets an additional cookie called, ASLM (Azure Session Lifecycle Management) which controls this frequency.

AFAIK, if you are using MSAL, then you wouldn't have to do anything additionally.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CloudMe-0421 avatar image CloudMe-0421 ·

Thanks for the response.


In the following article: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes


it states: we've implemented authentication session management capabilities in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency.


Is this referring then to the Oauth Refresh Tokens, or the ASLM cookie (I'm asking as there is no change in the Refresh Tokens lifetime after implementing the settings). Also, I couldn't find any info regarding the 'ASLM cookie' if possible i would greatly appreciate a link to some documentation.


Thank You !


0 Votes 0 ·