vas_ppabp_90
Aug 19, 2020

O365 MFA, SSO, Token Lifetimes

Hi All,

Thought I would ask the question here about the various methods and to confirm token lifetimes.

So just the background: earlier this year we had enabled per-user MFA (Office Admin center -> Users -> Multifactor Authentication) along with Trusted IPs, app passwords disabled, and have not enabled the option "Allow users to remember multi-factor authentication on devices they trust".

This method was always meant to be temporary as we are working towards moving over to CA policies.

Recently have seen a few things.

With applications that support seamless SSO and OpenID Connect, we have realised that the token won't be kept active for longer than when the browser is closed, as long as the "Keep me signed in" option does not show unless in safe browsing mode.

Along with that, our remote workers, who connect via Direct Access via a split tunnel with a PAC file that dictates the connections to remote services, i.e. user is coming from Trusted IP as the MS services are set to go directly out, so they are prompted for 2FA also.

So with the current setup, how can we increase the request token for those instances, so ideally the user isn't having to OAuth every 8-12 hours or when closing and opening the browser?

Any feedback will be great.
