


If your company has been configured for Single Sign-On (SSO) through Federation, you may not need to explicitly do anything (SSO will just work!).

Changing logical (IP address) or physical locations after the Refresh Token has been acquired by the Office client will not impact the validity of the token. For example, if a user is on the corporate network during business hours and performs authentication, they will be issued both Access and Refresh tokens. When the user leaves the office and travels to an off-site location (no longer on the corporate network), their refresh token will still be valid even though the geo-location (as determined by IP address) for the user's machine has changed. The validity of Refresh tokens is not re-evaluated until the Refresh Token expires. Features such as Conditional Access Policies may force users to sign in again even though the Refresh Token is still valid.

How do Single Sign-On experiences work between applications with Modern Authentication?

Prior to the updated Authentication features, Office provided users with Single Sign-On between applications. What this means is that after a user signs into Word, that account is available in Excel, PowerPoint, etc. Not immediately available to the other Office Applications (or the other way around). This is still the expected behavior with the updated Authentication features.

How long are access and refresh tokens valid while using Modern Authentication?

When a user successfully authenticates with Office 365 (Azure AD), they are issued both an Access Token and a Refresh Token. The Access Token is very short-lived (valid for around 1 hour). The Refresh Token is longer-lived - in some cases the token may be valid for up to 90 days if:

The Access token is what is used to actually gain access to Resources such as Exchange or SharePoint Online. When the Access token expires, the Office client will present the Refresh token to Azure AD and request a new Access Token to use with the resource. The default lifetime for a Refresh Token is 14 days (expires 14 days after issue if not "used").
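
Because a refresh token stays valid after the client changes network, and lapses only after 14 days without use, a defender may want to review refresh events against both properties. The following is an added example, not code from the original page or from Microsoft. The event fields, the `10.0.0.0/8` corporate range and the reading of "if not used" as an idle window that restarts on each use are assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

REFRESH_IDLE_LIFETIME = timedelta(days=14)  # default lifetime stated on this page

# Constructed sample events; field names are hypothetical, not an Azure AD log schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:00:00", "user": "alice", "token": "rt-1", "event": "issue", "ip": "10.1.2.3"},
    {"time": "2024-03-04T10:05:00", "user": "alice", "token": "rt-1", "event": "refresh", "ip": "10.1.2.3"},
    {"time": "2024-03-04T19:30:00", "user": "alice", "token": "rt-1", "event": "refresh", "ip": "203.0.113.7"},
    {"time": "2024-03-25T08:00:00", "user": "alice", "token": "rt-1", "event": "refresh", "ip": "10.1.2.3"},
]


def audit_refresh_events(events, corporate_net="10.0.0.0/8"):
    """Return (time, user, token, finding) tuples for refresh-token uses worth reviewing."""
    net = ip_network(corporate_net)  # assumed corporate address range
    state = {}     # token id -> (IP at issue, time of last use)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        ip = ip_address(ev["ip"])
        key = (ev["time"], ev["user"], ev["token"])
        if ev["event"] == "issue":
            state[ev["token"]] = (ip, when)
            continue
        if ev["token"] not in state:
            # A refresh for a token we never saw issued: the log is incomplete.
            findings.append(key + ("refresh-without-issue",))
            continue
        issued_ip, last_used = state[ev["token"]]
        if when - last_used > REFRESH_IDLE_LIFETIME:
            # Unused for longer than the default lifetime: it should have expired.
            findings.append(key + ("idle-beyond-14-days",))
            continue
        if issued_ip in net and ip not in net:
            # Still valid per the page, but used away from where it was issued.
            findings.append(key + ("issued-on-corp-used-off-network",))
        state[ev["token"]] = (issued_ip, when)
    return findings


if __name__ == "__main__":
    for finding in audit_refresh_events(SAMPLE_EVENTS):
        print(finding)
```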
