For example: we set the policy for Single-Factor Session Token Max Age and Multi-Factor Session Token Max Age to 15 minutes, and I was expecting it to sign me out, but it didn't; rather, it signed me out after 1 hour, which is the token lifetime of the ID token.

Hello, we followed the commands, instructions and example provided in the document and found that they work, but not as expected. We've configured "Sign-in frequency" and "Require MFA".

The default value on the Ephesoft side is 7200 seconds, which can be overridden and matched with the session timeout setting on the ADFS side.
The maxAuthenticationAge (in seconds) determines the maximum session time set for the IdP.

3. Trying to replicate this in Azure AD Conditional Access doesn't appear to be possible.
We've been using Token Lifetime Policies to manage "Multi-Factor Session Token Max Age" only.

4. Within AD FS you can alter the lifetime of a token, but I don't know at this time how you can distinguish between a trusted device and an untrusted one. Will this also be handled via Conditional Access Policies?
Hi, this document mentions that refresh token lifetimes need to be set via Conditional Access, whereas access token lifetimes can be set via a token lifetime policy. To configure the session timeout … There are two other token lifetimes: Single-Factor Session Token Max Age and Multi-Factor Session Token Max Age.
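As an added example, not taken from any of the posts above: PowerShell that puts the split described in the post above into practice. It creates a token lifetime policy that sets only AccessTokenLifetime (which governs access, ID and SAML tokens, 10 minutes to 1 day, default 1 hour), matches the AD FS token and SSO lifetimes to Ephesoft's 7200 second maxAuthenticationAge default, and decodes a JWT payload so you can see which lifetime actually applied to the token you were issued. It assumes the legacy AzureAD and ADFS PowerShell modules are installed and that you are already connected; the application object ID, relying party name and policy display name are placeholders. The Single-Factor and Multi-Factor Session Token Max Age properties are deliberately left out: Microsoft retired them in favour of the Conditional Access "Sign-in frequency" control, which is why a 15 minute max-age policy does not sign a user out before the 1 hour ID token expires.

```powershell
# Added example (not from the forum posts above). Assumes the legacy AzureAD and
# ADFS modules; $AppObjectId, $RelyingPartyName and the display name are placeholders.

function Set-AccessTokenLifetimePolicy {
    # Token lifetime policy: AccessTokenLifetime controls access, ID and SAML tokens.
    # Session/refresh behaviour is NOT set here; use Conditional Access "Sign-in frequency".
    param(
        [Parameter(Mandatory)][string]$AppObjectId,
        [string]$Lifetime = '00:15:00'      # hh:mm:ss, allowed range 00:10:00 to 1.00:00:00
    )
    $definition = @{
        TokenLifetimePolicy = @{ Version = 1; AccessTokenLifetime = $Lifetime }
    } | ConvertTo-Json -Compress -Depth 3

    $policy = New-AzureADPolicy -Definition @($definition) `
        -DisplayName 'AccessToken15Min' -IsOrganizationDefault $false -Type 'TokenLifetimePolicy'
    # Bind the policy to one application so it does not apply tenant-wide.
    Add-AzureADApplicationPolicy -Id $AppObjectId -RefObjectId $policy.Id
    return $policy
}

function Set-AdfsSessionToMatchEphesoft {
    # Ephesoft's maxAuthenticationAge default is 7200 seconds; the AD FS cmdlets take minutes.
    param(
        [Parameter(Mandatory)][string]$RelyingPartyName,
        [int]$MaxAuthenticationAgeSeconds = 7200
    )
    $minutes = [int]($MaxAuthenticationAgeSeconds / 60)
    # Lifetime of the token AD FS issues to this relying party.
    Set-AdfsRelyingPartyTrust -TargetName $RelyingPartyName -TokenLifetime $minutes
    # Farm-wide browser SSO cookie lifetime, so the IdP session does not outlive the app session.
    Set-AdfsProperties -SsoLifetime $minutes
    return $minutes
}

function Get-JwtLifetimeMinutes {
    # Read-only inspection of a JWT payload (no signature verification): returns exp - iat
    # in minutes, which tells you which lifetime the issuer actually applied.
    param([Parameter(Mandatory)][string]$Jwt)
    $payload = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
    return [math]::Round(($claims.exp - $claims.iat) / 60)
}

function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Constructed, unsigned sample token (alg "none") whose exp - iat is one hour, i.e. the
# default ID token lifetime the first post observed. Replace with a real token to check yours.
$hdr  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$body = ConvertTo-Base64Url '{"iat":1700000000,"exp":1700003600,"aud":"example"}'
$sampleJwt = "${hdr}.${body}."
Get-JwtLifetimeMinutes -Jwt $sampleJwt
```

Run Get-JwtLifetimeMinutes against the ID or access token your client receives after applying the policy: if it still reports the one hour default, the policy is not bound to the application the token was issued for. The 15 minute sign-out the first post expected has to come from a Conditional Access sign-in frequency of 15 minutes, not from the token lifetime policy.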
If cloud Azure MFA is good enough as a provider and you only need to integrate SAML and OATH applications, you may fall back to Azure App Proxy.