question

0 Votes
Vov4ik-1405 asked Vov4ik-1405 commented

Configurable token lifetimes in Azure Active Directory for my Web API

I need to create a lifetime token for my Web API. I've used the following guide, but the policy doesn't work. As I've noticed, for my Web API the following OrganizationDefaultPolicyScenario works. I made it work only by using AzureADPolicy with the setting -IsOrganizationDefault $true, not $false.

My configuration:

OdataType :
AlternativeIdentifier :
Definition : { {"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"02:00:00"}}}
DisplayName : OrganizationDefaultPolicyScenario
IsOrganizationDefault : True
KeyCredentials : {}
Type : TokenLifetimePolicy

OdataType :
AlternativeIdentifier :
Definition : { {"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"08:00:00", "MaxInactiveTime":"30.00:00:00", "MaxAgeMultiFactor":"until-revoked", "MaxAgeSingleFactor":"180.00:00:00"}}}
DisplayName : WebApiDefaultPolicy
IsOrganizationDefault : False
KeyCredentials : {}
Type : TokenLifetimePolicy

PS C:\Users\1> Get-Azureadapplicationpolicy -id



Id :
OdataType : #microsoft.graph.policy
AlternativeIdentifier :
Definition : { {"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"08:00:00", "MaxInactiveTime":"30.00:00:00", "MaxAgeMultiFactor":"until-revoked", "MaxAgeSingleFactor":"180.00:00:00"}}}
DisplayName : WebApiDefaultPolicy
IsOrganizationDefault : False
KeyCredentials : {}
Type : TokenLifetimePolicy


azure-active-directory

1 Answer

1 Vote
DanielStefaniak answered Vov4ik-1405 commented

You need to assign it to a service principal representing the resource your clients are accessing. What is your client, and what API is it accessing (a.k.a. when you are asking for an access token, what is your resource parameter)?

Also, token lifetimes will be gone by the end of June (only access token timeout customizations are sticking around). Look at sign-in frequency in Conditional Access instead.


"conditional access" doesn`t active for my AzureAD Plan (I have AzureAD Basic)

I need to use only "AccessTokenLifetime". it will also be gone?

1 Vote
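
The assignment the answer describes, with the policy attached to the service principal of the Web API rather than to the application object, as an added example that is not code from this thread. It assumes the AzureADPreview module and a directory administrator sign-in; `$apiDisplayName` is a placeholder, while the policy name and the `08:00:00` lifetime are taken from the question.

```powershell
# Added example: assumes the AzureADPreview module is installed.
Import-Module AzureADPreview
Connect-AzureAD | Out-Null

$apiDisplayName = '<your Web API display name>'   # placeholder, not from the thread
$policyName     = 'WebApiDefaultPolicy'           # name used in the question

# Build the definition from an object so the JSON is well-formed.
# Only AccessTokenLifetime is set, as asked in the follow-up comment.
$definition = @{
    TokenLifetimePolicy = @{
        Version             = 1
        AccessTokenLifetime = '08:00:00'
    }
} | ConvertTo-Json -Compress

# Reuse an existing policy of that name, otherwise create it as a non-default policy.
$policy = Get-AzureADPolicy |
    Where-Object { $_.DisplayName -eq $policyName -and $_.Type -eq 'TokenLifetimePolicy' } |
    Select-Object -First 1
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) -DisplayName $policyName `
        -IsOrganizationDefault $false -Type 'TokenLifetimePolicy'
}

# Resolve the service principal of the resource (the API), not of the client app.
$sp = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$apiDisplayName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$apiDisplayName', found $($sp.Count)."
}

# Attach the policy only if it is not attached yet, so the script can be re-run.
$attached = @(Get-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId |
    Where-Object { $_.Id -eq $policy.Id })
if ($attached.Count -eq 0) {
    Add-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId -RefObjectId $policy.Id
}

# Check: this should list the policy, unlike Get-AzureADApplicationPolicy,
# which only shows what is attached to the application object.
Get-AzureADServicePrincipalPolicy -Id $sp[0].ObjectId |
    Format-List Id, DisplayName, Definition, IsOrganizationDefault
```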