Vov4ik-1405 asked ·

Configurable token lifetimes in Azure Active Directory for my Web API

I need to create a lifetime token for my Web API. I've used the following guide, but the policy doesn't work. As I've noticed, for my Web API the following OrganizationDefaultPolicyScenario works. I made it work only by using AzureADPolicy with -IsOrganizationDefault set to $true, not $false.

My configuration:

    OdataType             :
    AlternativeIdentifier :
    Definition            : { {"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"02:00:00"}}}
    DisplayName           : OrganizationDefaultPolicyScenario
    IsOrganizationDefault : True
    KeyCredentials        : {}
    Type                  : TokenLifetimePolicy

    OdataType             :
    AlternativeIdentifier :
    Definition            : { {"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"08:00:00", "MaxInactiveTime":"30.00:00:00", "MaxAgeMultiFactor":"until-revoked", "MaxAgeSingleFactor":"180.00:00:00"}}}
    DisplayName           : WebApiDefaultPolicy
    IsOrganizationDefault : False
    KeyCredentials        : {}
    Type                  : TokenLifetimePolicy

    PS C:\Users\1> Get-Azureadapplicationpolicy -id

    Id                    :
    OdataType             : #microsoft.graph.policy
    AlternativeIdentifier :
    Definition            : { {"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"08:00:00", "MaxInactiveTime":"30.00:00:00", "MaxAgeMultiFactor":"until-revoked", "MaxAgeSingleFactor":"180.00:00:00"}}}
    DisplayName           : WebApiDefaultPolicy
    IsOrganizationDefault : False
    KeyCredentials        : {}
    Type                  : TokenLifetimePolicy

azure-active-directory

1 Answer

DanielStefaniak answered ·

You need to assign it to a service principal representing the resource your clients are accessing. What is your client, and what API is it accessing (aka, when you are asking for an access token, what is your resource parameter)?

Also, token lifetimes will be gone by the end of June (only access token timeout customizations are sticking around). Look at sign-in frequency in Conditional Access instead.



"Conditional access" isn't active for my AzureAD plan (I have AzureAD Basic).

I need to use only "AccessTokenLifetime". Will it also be gone?

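
The assignment the answer describes (policy attached to the service principal of the resource API), as an added example that is not part of the original thread. It assumes the AzureADPreview module and a session allowed to manage policies; `$ApiDisplayName` is a placeholder, and `WebApiDefaultPolicy` is the policy name from the question.

```powershell
# Added example, not from the thread. Assumes the AzureADPreview module.
# $ApiDisplayName is a placeholder for the display name of the Web API
# (the resource the clients request tokens for), not the client application.
$ApiDisplayName = '<your Web API display name>'
$PolicyName     = 'WebApiDefaultPolicy'   # policy name taken from the question

Connect-AzureAD | Out-Null

# Resolve the token lifetime policy by name; stop if missing or ambiguous.
$policy = @(Get-AzureADPolicy | Where-Object {
    $_.Type -eq 'TokenLifetimePolicy' -and $_.DisplayName -eq $PolicyName
})
if ($policy.Count -ne 1) {
    throw "Expected exactly one policy named '$PolicyName', found $($policy.Count)."
}

# Resolve the service principal that represents the resource API.
$sp = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$ApiDisplayName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$ApiDisplayName', found $($sp.Count)."
}

# Show what is already attached, then assign the policy only if it is absent.
$assigned = @(Get-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId)
if ($assigned.Id -notcontains $policy[0].Id) {
    Add-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId -RefObjectId $policy[0].Id
}

# Verify: the policy should now be listed on the service principal.
Get-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId |
    Select-Object DisplayName, Type, IsOrganizationDefault, Definition
```

Only tokens issued after the assignment reflect the new lifetime, so check the `exp` claim of a freshly requested access token for this API rather than a cached one.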