How to change token expiration time in Azure portal - AAD

Sarah 161 Reputation points
2022-05-10T09:14:25.317+00:00

When I access my web app that is registered in Azure AD, it first sends my app to Microsoft login page and after successful login it returns an id token which is used to retrieve the data from backend server. The expiry time of token is approx. 30 mins to 1 hr. Now when this token expires, I am not able to retrieve data from backend anymore, even though I am still signed in to the app. So where can I change or set the expiration time to more than 1 hr. in Azure portal? So that users don't abruptly stop getting access to backend.

Below link says it is configurable thru PowerShell. Is my understanding correct?
https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes

But could not find a way to do it thru Azure portal.
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

Thank you.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

4 answers

  1. Cristian SPIRIDON 4,471 Reputation points
    2022-05-10T20:54:11.677+00:00

    Hi Sarah-7243,

    You have to request a refresh token together with the id/access token.
    With the refresh token you can then request another id/access token when those expire.
    The refresh token has a much longer life.

    More info at:
    https://learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens

    Hope this helps!


  2. nam wam 1 Reputation point
    2022-07-21T16:15:33.667+00:00

    @Cristian SPIRIDON In our Azure Databricks, we run a Python notebook that uses an MS Service Principal to import huge data files into Azure SQL Managed Instance. But due to the volume of the data, the import process times out after 60 minutes - that has something to do with the Access Token. Could you please explain how, in the Azure portal, we can expand the Access Token Expiration time? Thank you in advance.


  3. Shweta Mathur 28,191 Reputation points Microsoft Employee
    2022-07-25T08:22:27.603+00:00

    Hi @Sarah ,

    Thanks for reaching out.

    It is not possible to configure token lifetime using the Azure AD portal.

    However, you can request a refresh token along with the access token or IdToken by passing offline_access in the scope parameter. The refresh token is used to obtain new access/refresh token pairs when the current access token expires. The refresh token lifetime by default is 90 days.

    The other way to configure token lifetime is through PowerShell by creating a policy, as mentioned in the link you added.

    Hope this helps.

    Thanks,
    Shweta

    -------------------------

    Please remember to "Accept Answer" if answer helped you.
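
The refresh flow these answers describe, as an added example (not part of the thread and not Microsoft's code): it adds offline_access to the requested scopes, tracks expiry from `expires_in`, and redeems the refresh token at the v2.0 token endpoint shortly before the access token expires. The `TokenSession` class, the `post` transport callable and the 300-second skew are assumptions of this example.

```python
import time
from urllib.parse import urlencode

# Microsoft identity platform v2.0 token endpoint; the tenant value is supplied by the caller.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def with_offline_access(scopes):
    """Return the sign-in scope string with offline_access added, so a refresh token is issued."""
    parts = scopes.split()
    if "offline_access" not in parts:
        parts.append("offline_access")
    return " ".join(parts)

class TokenSession:
    """Keeps an access token fresh by redeeming the refresh token before expiry."""
    def __init__(self, tenant, client_id, scope, post, clock=time.time, skew=300):
        # post(url, form_body) -> dict is a hypothetical HTTP helper returning the parsed JSON reply.
        self.url = TOKEN_URL.format(tenant=tenant)
        self.client_id, self.scope = client_id, scope
        self.post, self.clock, self.skew = post, clock, skew
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def store(self, response):
        """Record a token endpoint response (initial sign-in or a refresh)."""
        self.access_token = response["access_token"]
        self.expires_at = self.clock() + int(response["expires_in"])
        # A refresh reply normally carries a replacement refresh token; keep the old one if absent.
        self.refresh_token = response.get("refresh_token", self.refresh_token)

    def get_access_token(self):
        """Return a usable access token, refreshing when within `skew` seconds of expiry."""
        if self.clock() < self.expires_at - self.skew:
            return self.access_token
        if not self.refresh_token:
            raise RuntimeError("no refresh token: sign in again with offline_access in scope")
        # Public-client form; a confidential web app also sends its client credential here.
        body = urlencode({
            "client_id": self.client_id, "grant_type": "refresh_token",
            "refresh_token": self.refresh_token, "scope": self.scope,
        })
        self.store(self.post(self.url, body))
        return self.access_token
```

The refresh token is a long-lived credential, so it belongs in the same protected storage as any other secret and out of logs.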


  4. Gaurav Shinde 0 Reputation points
    2024-05-17T11:16:24.1233333+00:00

    For SPA it is just 48 Hours.
