You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory-b2c/session-behavior.md
+46-11Lines changed: 46 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ manager: CelesteDG
8
8
ms.service: active-directory
9
9
ms.workload: identity
10
10
ms.topic: how-to
11
-
ms.date: 11/30/2021
11
+
ms.date: 02/25/2022
12
12
ms.custom: project-no-code
13
13
ms.author: kengaderdus
14
14
ms.subservice: B2C
@@ -79,11 +79,12 @@ You can configure the Azure AD B2C session behavior, including:
79
79
-**Application** - This setting allows you to maintain a user session exclusively for an application, independent of other applications. For example, you can use this setting if you want the user to sign in to Contoso Pharmacy regardless of whether the user is already signed into Contoso Groceries.
80
80
-**Policy** - This setting allows you to maintain a user session exclusively for a user flow, independent of the applications using it. For example, if the user has already signed in and completed a multi-factor authentication (MFA) step, the user can be given access to higher-security parts of multiple applications, as long as the session tied to the user flow doesn't expire.
81
81
-**Suppressed** - This setting forces the user to run through the entire user flow upon every execution of the policy.
82
-
-**Keep me signed in (KMSI)** - Extends the session lifetime through the use of a persistent cookie. If this feature is enabled and the user selects it, the session remains active even after the user closes and reopens the browser. The session is revoked only when the user signs out. The KMSI feature only applies to sign-in with local accounts. The KMSI feature takes precedence over the session lifetime.
83
82
84
83
::: zone pivot="b2c-user-flow"
85
84
86
-
To configure the session behavior:
85
+
### Configure the user flow
86
+
87
+
To configure the session behavior in your user flow, follow these steps:
87
88
88
89
1. Sign in to the [Azure portal](https://portal.azure.com).
89
90
1. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the **Directories + subscriptions** icon in the portal toolbar.
@@ -99,15 +100,49 @@ To configure the session behavior:
99
100
100
101
::: zone pivot="b2c-custom-policy"
101
102
102
-
To change your session behavior and SSO configurations, you add a **UserJourneyBehaviors** element inside of the [RelyingParty](relyingparty.md) element. The **UserJourneyBehaviors** element must immediately follow the **DefaultUserJourney**. Your **UserJourneyBehavors** element should look like this example:
103
+
### Configure the custom policy
104
+
105
+
To configure the session behavior in your custom policy, follow these steps:
106
+
107
+
1. Open the relying party (RP) file, for example *SignUpOrSignin.xml*
108
+
1. If it doesn't already exist, add the following `<UserJourneyBehaviors>` element to the `<RelyingParty>` element. It must be located immediately after `<DefaultUserJourney ReferenceId="UserJourney Id"/>`.
1. Change the value of the `Scope` attribute to one of the possible value: `Suppressed`, `Tenant`, `Application`, or `Policy`. For more information, check out the [RelyingParty](relyingparty.md) reference article.
143
+
1. Set the `SessionExpiryType` element to `Rolling` or `Absolute`. For more information, check out the [RelyingParty](relyingparty.md) reference article.
144
+
1. Set the `SessionExpiryInSeconds` element to a numeric value between 900 seconds (15 minutes) and 86,400 seconds(24 hours). For more information, check out the [RelyingParty](relyingparty.md) reference article.
0 commit comments