Commit 558d103

Merge branch 'ranbel/access-for-saas-OIDC' of github.com:cloudflare/cloudflare-docs into ranbel/access-for-saas-OIDC
2 parents 20fd16d + ac5bbbe commit 558d103

1 file changed: +1 -1 lines changed

src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx

Lines changed: 1 addition & 1 deletion
@@ -106,7 +106,7 @@ To add additional OIDC claims onto the ID token sent to your SaaS application, c
106106

107107
### Access token lifetime
108108

109-
The OIDC Access token authorizes users to connect to the SaaS application through Cloudflare Access. You can set an **Access token lifetime** to determine how often Cloudflare should authenticate the user to your SaaS application. To balance security and user convenience, you can configure a short token lifetime in conjunction with a longer **Refresh token lifetime**. When the access token expires, Cloudflare will use the refresh token to obtain a new access token after checking the user's identity against your Access policies. When the refresh token expires, the user will need to log back in to the identity provider. The refresh token lifetime should be less than your [global session duration](/cloudflare-one/identity/users/session-management/), otherwise the global session would take precedence.
109+
The OIDC Access token authorizes users to connect to the SaaS application through Cloudflare Access. You can set an **Access token lifetime** to determine the window in which the token can be used to establish authentication with the SaaS application — if it expires, the user must re-authenticate through Cloudflare Access. To balance security and user convenience, Cloudflare recommends configuring a short Access token lifetime in conjunction with a longer **Refresh token lifetime** (if supported by your application). When the access token expires, Cloudflare will use the refresh token to obtain a new access token after checking the user's identity against your Access policies. When the refresh token expires, the user will need to log back in to the identity provider. The refresh token lifetime should be less than your [global session duration](/cloudflare-one/identity/users/session-management/), otherwise the global session would take precedence.
110110

111111
:::note
112112
<Render file="access/saas-apps/saas-sessions" params={{ session: "OIDC Access tokens", token: "Access token"}} />
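
Review bot: On the added line 109, the new clause "if it expires, the user must re-authenticate through Cloudflare Access" contradicts the unchanged sentence later in the same paragraph, "When the access token expires, Cloudflare will use the refresh token to obtain a new access token after checking the user's identity against your Access policies." A reader cannot tell whether access token expiry forces an interactive login or a silent refresh with a policy re-check, which is the detail that decides how short the lifetime can safely be set. Suggest scoping the new clause to the case where no valid refresh token exists, and stating that case once rather than in two places. The added "(if supported by your application)" also leaves the unsupported case undescribed; one sentence saying what happens on expiry when the application does not use refresh tokens would close that gap. Minor: the line now mixes "Access token" and "access token" in running text; pick one casing outside the bolded UI label.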
