Updating the Access and Refresh Token Lifespans

You can update the lifespan for access tokens and refresh tokens according to the requirements of your business. The commands listed below require administrator privileges and must be run in PowerShell.
The access token lifespan must be less than the refresh token lifespan.
  1. Run the following command to issue refresh tokens. If refresh tokens are already issued, you can skip this step.
    Set-AdfsRelyingPartyTrust -TargetName "RelyingPartyTrust_name" -IssueOAuthRefreshTokensTo AllDevices
    Replace RelyingPartyTrust_name with the address of the ADFS server.
  2. Set the access token lifespan. This value is at the Relying Party Trust level.
    Set-AdfsWebApiApplication -TargetIdentifier Identifier_name -TokenLifetime timeInMin
    Set-AdfsWebApplicationProxyRelyingPartyTrust -TokenLifetime timeInMin
    Set-AdfsRelyingPartyTrust -TargetName RelyingPartyTrust_name -TokenLifetime timeInMin
    Replace Identifier_name, timeInMin, and RelyingPartyTrust_name with values appropriate for your environment. The value of timeInMin is in minutes.
  3. Set the refresh token lifespan. This is a global setting.
    Set-AdfsProperties -SsoLifetime timeInMin
    Replace the value of timeInMin with the refresh token lifespan. The value is in minutes.
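
Because the refresh token lifespan is global while the access token lifespan is set per trust, changing it can put other trusts in breach of the rule that the access token lifespan must be less than the refresh token lifespan. The following added example (not part of the original procedure) checks that rule across all relying party trusts before applying steps 1 to 3 with the Set-AdfsRelyingPartyTrust variant only. The variable names and the values 60 and 480 are constructed placeholders.

```powershell
# Added example; run in an elevated PowerShell session on the AD FS server.
# Placeholder values (constructed): replace them with your own.
$TrustName     = 'RelyingPartyTrust_name'
$NewAccessMin  = 60     # access token lifespan, in minutes
$NewRefreshMin = 480    # refresh token lifespan, in minutes

# Rule from the procedure: access token lifespan < refresh token lifespan.
if ($NewAccessMin -le 0 -or $NewAccessMin -ge $NewRefreshMin) {
    throw "Access lifespan ($NewAccessMin min) must be > 0 and < refresh lifespan ($NewRefreshMin min)."
}

# Record the current global value so the change can be reverted.
$oldRefreshMin = (Get-AdfsProperties).SsoLifetime
Write-Host "Current SsoLifetime: $oldRefreshMin min; requested: $NewRefreshMin min"

# SsoLifetime is global: find other trusts whose access token lifespan
# would no longer be below the new refresh token lifespan.
$conflicts = Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Name -ne $TrustName -and $_.TokenLifetime -ge $NewRefreshMin } |
    Select-Object Name, TokenLifetime, IssueOAuthRefreshTokensTo

if ($conflicts) {
    Write-Warning ($conflicts | Format-Table -AutoSize | Out-String)
    throw "The trusts listed above have an access token lifespan >= $NewRefreshMin min."
}

# Steps 1 to 3 of the procedure.
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssueOAuthRefreshTokensTo AllDevices
Set-AdfsRelyingPartyTrust -TargetName $TrustName -TokenLifetime $NewAccessMin
Set-AdfsProperties -SsoLifetime $NewRefreshMin

# Read the settings back and confirm the rule holds for the target trust.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$sso   = (Get-AdfsProperties).SsoLifetime
[pscustomobject]@{
    Trust             = $trust.Name
    AccessTokenMin    = $trust.TokenLifetime
    RefreshTokenMin   = $sso
    RefreshTokensTo   = $trust.IssueOAuthRefreshTokensTo
    RuleSatisfied     = ($trust.TokenLifetime -lt $sso)
} | Format-List
```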