ADFS Time out settings for Microsoft Dynamics 365 / Dynamics CRM

Microsoft Dynamics 365 Technical Article

Article sections

    Summary: Instructions on how to increase or decrease ADFS timeouts of relying parties for Microsoft Dynamics 365 / Dynamics CRM when Internet Facing Deployment (IFD) is set up and configured.
    Article Type: Information / Troubleshooting / Support
    Related Product(s): This article relates to the following products:

    • Microsoft Dynamics CRM
    • Microsoft Dynamics 365
    Related Articles:

    Introduction

    Active Directory Federation Services (ADFS) is used by Microsoft Dynamics CRM for an Internet Facing Deployment (IFD).  Relying Parties are used to allow users to be authenticated when trying to access Microsoft Dynamics 365 / Dynamics CRM.

    Your session has expired

    The default settings require users to re-authenticate every hour if there is no activity.  This can quickly become annoying if users have to sign in to CRM several times a day.  ADFS gives administrators the ability to increase the timeout and reduce the need for users to repeatedly sign in throughout the day.

    Your session has expired

    Your session has expired

    Update the timeout using Microsoft PowerShell

    To change the timeout value, you will need to update the TokenLifetime value.  This is achieved using PowerShell.  Before you open PowerShell, you will need to find the name of each Relying Party.

    Step 1: Find out the name of the relying party

    1. Open AD FS Management
    2. Navigate to AD FS > Trust Relationships > Relying Party Trusts
    3. Make a note of the display name for each relying party
    ADFS Relying Party

    ADFS Relying Party List

    Step 2: Update the TokenLifetime value

    1. Open Microsoft PowerShell as a user with administrator permissions
    2. Load the ADFS snap-in
      Add-PSSnapin Microsoft.ADFS.PowerShell

      PowerShell ADFS Addon

      Add-PSSnapin Microsoft.ADFS.PowerShell

    3. Get the relying party trust settings for each relying party.  Use the display name from the previous step.
      get-ADFSRelyingPartyTrust -Name “CRM – Local”

      PowerShell ADFS Settings

      get-ADFSRelyingPartyTrust -Name “CRM – Local”

    4. Check the TokenLifetime value.  This number represents minutes
    5. Set the TokenLifetime to the new value (8 hours = 480)
      Set-ADFSRelyingPartyTrust -Targetname “CRM – Local” -TokenLifetime 480

      PowerShell ADFS TokenLifetime

      Set-ADFSRelyingPartyTrust -Targetname “CRM – Local” -TokenLifetime 480

    6. Repeat this step for each relying party

    Related Information:

    in MicrosoftMicrosoft Dynamics CRMSupportTroubleshooting
    Share This Post
    Share on facebook
    Share on linkedin
    Share on twitter
    Share on email
    More To Explore

    Ready to Talk about your Project?
    Book a free Discovery Call

    A no obligation call to discuss your business needs and project requirements. During the call, our consultant will explain how we can help you to achieve your goals and answer any questions you may have.