question

HKG-7714 avatar image
0 Votes"
HKG-7714 asked vipulsparsh-MSFT commented

Timeout settings on ADFS

I am trying to figure out the timeout behavior on ADFS (2016). We have the default ssolifetime (8 hours) and tokenlifetime (1 hrs). I understand that the ssolifetime is refresh token while tokenlifetime is the access token. Can someone clarify when a user will need to re-authenticate again with the above settings? Is it 8 hours? Or the ssolifetime get reset automatically when it expired and renew automatically until the persistent SSOlife (default of 90 days) value is reached?

Thanks

azure-ad-saml-sso
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@HKG-7714 Thanks for reaching out.

Yes for 2016, if the device is registered the SSO can get reset till 90 days with 14 days window.
This is also documented here in detail : https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings#enable-psso-for-office-365-users-to-access-sharepoint-online

143730-image.png



Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



image.png (22.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HKG-7714 avatar image
0 Votes"
HKG-7714 answered vipulsparsh-MSFT commented

Thanks, our ADFS is not setup with device registration and kmsi is not enabled. Does that mean user will need to reauthenticate after 8 hour by default unless the application also assign a timeout value for the session.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@HKG-7714 Yes that is correct.

0 Votes 0 ·