I would like to know what is the default authentication age that AzureAD is going to give after user authentication. - Is it should match with the Service Provider Session age - if it doesn't match any conflict we observe - what is the best practice to maintain authentication age.
Asked
Active
Viewed 579 times
1 Answers
1
Based on the official docs here it looks like the default is until revoked. As for best practices I generally go with a one hour token and a refresh.
Nick
- 353
- 1
- 2
- 11
-
Agreed - as long as the refresh isn't obtrusive - you can silently refresh. – Porschiey Sep 13 '17 at 20:42