Active Directory Federation Services (ADFS) is used by Microsoft Dynamics CRM for an Internet Facing Deployment (IFD). Relying Parties are used to allow users to be authenticated when trying to access Microsoft Dynamics CRM.
Your session has expired
The default settings require users to re-authenticate every hour if there is no activity. This can quickly become annoying if users have to sign in to CRM several times a day. ADFS gives administrators the ability to increase the timeout and reduce the need for users to repeatedly sign in through out the day.
Update the timeout using Microsoft PowerShell
To change the timeout value, you will need to update the TokenLifetime value. This is achieved using PowerShell. Before you open PowerShell, you will need to find the name of each Relying Party.
Step 1: Find out the name of the relying party
- Open AD FS Management
- Navigate to AD FS > Trust Relationships > Relying Party Trusts
- Make a note of the display name for each relying party
Step 2: Update the TokenLifetime value
- Open Microsoft PowerShell as a user with administrator permissions
- Load the ADFS snapin
- Get the relying party trust settings for each relying party. Use the display name from the previous step.
get-ADFSRelyingPartyTrust -Name “CRM – Local”
- Check the TokenLifetime value. This number represents minutes
- Set the TokenLifetime to the new value (8 hours = 480)
Set-ADFSRelyingPartyTrust -Targetname “CRM – Local” -TokenLifetime 480
- Repeat this step for each relying party
Source: QGate Knowledgebase