ADFS Time out settings for Microsoft Dynamics CRM

Active Directory Federation Services (ADFS) is used by Microsoft Dynamics CRM for an Internet Facing Deployment (IFD).  Relying Parties are used to allow users to be authenticated when trying to access Microsoft Dynamics CRM.

Your session has expired

The default settings require users to re-authenticate every hour if there is no activity.  This can quickly become annoying if users have to sign in to CRM several times a day.  ADFS gives administrators the ability to increase the timeout and reduce the need for users to repeatedly sign in through out the day.

Your session has expired

Your session has expired

Update the timeout using Microsoft PowerShell

To change the timeout value, you will need to update the TokenLifetime value.  This is achieved using PowerShell.  Before you open PowerShell, you will need to find the name of each Relying Party.

Step 1: Find out the name of the relying party

  1. Open AD FS Management
  2. Navigate to AD FS > Trust Relationships > Relying Party Trusts
  3. Make a note of the display name for each relying party
ADFS Relying Party

ADFS Relying Party List

Step 2: Update the TokenLifetime value

  1. Open Microsoft PowerShell as a user with administrator permissions
  2. Load the ADFS snapin
    Add-PSSnapin Microsoft.ADFS.PowerShell

    PowerShell ADFS Addon

    Add-PSSnapin Microsoft.ADFS.PowerShell

  3. Get the relying party trust settings for each relying party.  Use the display name from the previous step.
    get-ADFSRelyingPartyTrust -Name “CRM – Local”

    PowerShell ADFS Settings

    get-ADFSRelyingPartyTrust -Name “CRM – Local”

  4. Check the TokenLifetime value.  This number represents minutes
  5. Set the TokenLifetime to the new value (8 hours = 480)
    Set-ADFSRelyingPartyTrust -Targetname “CRM – Local” -TokenLifetime 480

    PowerShell ADFS TokenLifetime

    Set-ADFSRelyingPartyTrust -Targetname “CRM – Local” -TokenLifetime 480

  6. Repeat this step for each relying party

Source: QGate Knowledgebase

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: