|Summary:||Instructions on how to increase or decrease ADFS timeouts of relying parties for Microsoft Dynamics 365 / Dynamics CRM when Internet Facing Deployment (IFD) is set up and configured.|
|Article Type:||Information / Troubleshooting / Support|
|Related Product(s):||This article relates to the following products:
Active Directory Federation Services (ADFS) is used by Microsoft Dynamics CRM for an Internet Facing Deployment (IFD). Relying Parties are used to allow users to be authenticated when trying to access Microsoft Dynamics 365 / Dynamics CRM.
Your session has expired
The default settings require users to re-authenticate every hour if there is no activity. This can quickly become annoying if users have to sign in to CRM several times a day. ADFS gives administrators the ability to increase the timeout and reduce the need for users to repeatedly sign in throughout the day.
Update the timeout using Microsoft PowerShell
To change the timeout value, you will need to update the TokenLifetime value. This is achieved using PowerShell. Before you open PowerShell, you will need to find the name of each Relying Party.
Step 1: Find out the name of the relying party
- Open AD FS Management
- Navigate to AD FS > Trust Relationships > Relying Party Trusts
- Make a note of the display name for each relying party
Step 2: Update the TokenLifetime value
- Open Microsoft PowerShell as a user with administrator permissions
- Load the ADFS snap-in
- Get the relying party trust settings for each relying party. Use the display name from the previous step.
get-ADFSRelyingPartyTrust -Name “CRM – Local”
- Check the TokenLifetime value. This number represents minutes
- Set the TokenLifetime to the new value (8 hours = 480)
Set-ADFSRelyingPartyTrust -Targetname “CRM – Local” -TokenLifetime 480
- Repeat this step for each relying party