question

0 Votes
CloudMe-0421 asked

Conditional Access - 'User sign-in frequency' OAuth implementation.

Hi,

If I understand correctly, the 'User sign-in frequency' implementation is app dependent and will only be enforced if the app was designed to do so. Is that correct?

If true, can someone please guide me to documentation on how the 'User sign-in frequency' should be implemented by apps using the OAuth protocol? I didn't see any flag in the tokens that can indicate the 'User sign-in frequency' time, and the refresh tokens are valid for much longer than 1 hour (my CA settings), or did I miss something?

Thank You.

azure-active-directory, azure-ad-conditional-access

1 Answer

1 Vote
KAREDD-MSFT answered

@CloudMe-0421 Configuring sign-in frequency sets an additional cookie called ASLM (Azure Session Lifecycle Management), which controls this frequency.

AFAIK, if you are using MSAL, then you wouldn't have to do anything additionally.


Thanks for the response.

In the following article: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

it states: we've implemented authentication session management capabilities in Azure AD Conditional Access. You can use this new feature to configure refresh token lifetimes by setting sign in frequency.

Is this referring then to the OAuth refresh tokens, or the ASLM cookie? (I'm asking as there is no change in the refresh tokens' lifetime after implementing the settings.) Also, I couldn't find any info regarding the 'ASLM cookie'; if possible, I would greatly appreciate a link to some documentation.

Thank you!

0 Votes