How to set up a session cookie in Azure Active Directory?

Time:02-15

I have created a regular Azure Active Directory (AAD) tenant with users & applications.

The client application uses an AAD application ID & secret for its end-user authentication & authorization with AAD.

The configurations are working fine & I am able to authenticate my application users without any issues.

But the question is, in order to improve the end user's sign-in experience, how/where do I enable a session cookie in AAD (so that already authenticated users won't be prompted to enter credentials on the login page, at least until the cookie expires)?

Also, how do I control the session cookie lifetime?

Note: No need for Azure AD B2B or B2C; in my case I'm using just a plain vanilla AAD tenant.

CodePudding user response:

• The session cookie lifetime usually depends on the Conditional Access policy defined in the Azure AD tenant that you want to sign in to and authenticate against. The default setting for Azure AD sign-in frequency is 90 days, after which it will ask for sign-in authentication again. Also, it has a compliance condition to meet regarding the requirement for multi-factor authentication for the user to be signed in on their primary device and linked Azure AD account, as Windows modern authentication methods will then help identify and sustain the sign-in on that device, as well as require signing in again if any threat arises.

• Thus, to configure the session sign-in frequency through Conditional Access in Azure AD, you will have to create a new policy for sign-in frequency control, in which you can configure the apps and platforms to which this policy should be applied. In that policy, go to Access controls -> Session -> Sign-in frequency and enter the value in days or hours accordingly. Similarly, for the browser session to stay active irrespective of the browser window being closed and reopened, you will have to configure a persistent browser session policy in Conditional Access like the one described earlier: Access controls -> Session -> Persistent browser session -> Always persistent/Never persistent (select the one that suits your needs).

For more details, please see the documentation link below:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
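
The two session controls named in the answer above (sign-in frequency and persistent browser session) can also be set in one policy through Microsoft Graph. This is an added example, not part of the original answer; it assumes the Microsoft.Graph PowerShell module and an account allowed to manage Conditional Access, and the display name and the 8-hour value are constructed placeholders.

```powershell
# Added example: create a Conditional Access policy that only sets session controls.
# Assumes: Install-Module Microsoft.Graph has been run and the signed-in account
# can manage Conditional Access in the tenant.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName = 'EXAMPLE - browser session lifetime'   # constructed name
    # Report-only first: the sign-in logs show what the policy would do
    # before it is switched to 'enabled'.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All') }
        # Persistent browser session only works correctly when the policy
        # targets all cloud apps, so the scope is not narrowed to one app here.
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('browser')
    }
    sessionControls = @{
        # Access controls -> Session -> Sign-in frequency (type: 'hours' or 'days')
        signInFrequency   = @{ isEnabled = $true; type = 'hours'; value = 8 }   # constructed value
        # Access controls -> Session -> Persistent browser session ('always' or 'never')
        persistentBrowser = @{ isEnabled = $true; mode = 'always' }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm both session controls were stored as intended.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$check | Select-Object DisplayName, State
$check.SessionControls.SignInFrequency   | Format-List IsEnabled, Type, Value
$check.SessionControls.PersistentBrowser | Format-List IsEnabled, Mode
```

A shorter sign-in frequency combined with a "never" persistent browser mode is the stricter pairing for shared or unmanaged devices; a long frequency with "always" favors sign-in convenience over session exposure.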
