Timeout settings on ADFS

HK G 516 Reputation points
2021-10-26T03:11:05.097+00:00

I am trying to figure out the timeout behavior on ADFS (2016). We have the default ssolifetime (8 hours) and tokenlifetime (1 hr). I understand that the ssolifetime is the refresh token while the tokenlifetime is the access token. Can someone clarify when a user will need to re-authenticate with the above settings? Is it 8 hours? Or does the ssolifetime get reset automatically when it expires and renew automatically until the persistent SSO lifetime (default of 90 days) value is reached?

Thanks

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-10-26T11:24:07.017+00:00

    @HK G Thanks for reaching out.

    Yes, for 2016, if the device is registered, the SSO can get reset up to 90 days with a 14-day window.
    This is also documented here in detail: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings#enable-psso-for-office-365-users-to-access-sharepoint-online


    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 additional answer

  1. HK G 516 Reputation points
    2021-10-26T15:17:34.12+00:00

    Thanks, our ADFS is not set up with device registration and KMSI is not enabled. Does that mean the user will need to reauthenticate after 8 hours by default unless the application also assigns a timeout value for the session?
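
The lifetimes discussed in this thread (ssolifetime, the persistent SSO lifetime, KMSI and the per-application tokenlifetime) can be read from the farm to see which ones are actually in effect. This is an added example, not code from any poster in the thread; it assumes an elevated PowerShell session on an AD FS 2016 server with the ADFS module available.

```powershell
# Added example: report the SSO-related lifetimes configured on an AD FS 2016 farm.
# Assumption: run elevated on an AD FS server; read-only, changes nothing.
Import-Module ADFS

$p = Get-AdfsProperties

# Farm-wide SSO settings. The *Mins properties and SsoLifetime are stored in minutes.
[pscustomobject]@{
    SsoLifetimeHours        = $p.SsoLifetime / 60                # default 480 minutes = 8 hours
    PersistentSsoEnabled    = $p.PersistentSsoEnabled            # persistent SSO for registered devices
    PersistentSsoDays       = $p.PersistentSsoLifetimeMins / 1440
    DeviceUsageWindowInDays = $p.DeviceUsageWindowInDays         # the "14 days window" in the answer
    KmsiEnabled             = $p.KmsiEnabled                     # "Keep me signed in" option
    KmsiLifetimeHours       = $p.KmsiLifetimeMins / 60
    PersistentSsoCutoffTime = $p.PersistentSsoCutoffTime         # persistent cookies issued before this are rejected
} | Format-List

# Per-application token lifetime. A stored value of 0 means the default of 60 minutes.
Get-AdfsRelyingPartyTrust |
    Select-Object Name, Enabled,
        @{ Name = 'TokenLifetimeMins'
           Expression = { if ($_.TokenLifetime -eq 0) { 60 } else { $_.TokenLifetime } } } |
    Sort-Object Name |
    Format-Table -AutoSize
```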