Dynamics CRM 2011 sliding session timeout RRS feed

  • Question

  • Hello experts,

    does anybody know if there is a sliding session timeout for IFD Deployments? I mean, does the Session expire after a fixed amount of time as set in the TokenLifetime in ADFS, or does it expire only after a certain amount of time during which the user is inactive?

    Thanks in advance.


    Please mark this reply as an answer and vote it as helpful if it helps you find a resolution to your problem.
    View my latest gallery contribution here.
    Visit my blog here.

    Monday, October 15, 2012 10:27 AM

All replies

  • Hi Pavlos,

    Please have a read at this:

    The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.

    In the Authentication is Required dialog box, if you click Cancel, the token expires as indicated. When the security token expires, you will need to start a new browser session to Microsoft Dynamics CRM to access your data. Any unsaved changes will be lost.



    I hope this helps. If my response answered your question, please mark the response as an answer and also vote as helpful.

    Ashish Mahajan, Microsoft Dynamics CRM Solutions Architect, CSG (Melbourne)
    My Personal Website: http://www.ashishmahajan.com
    My Blogs: http://ashishmahajancrm.blogspot.com.au and http://ashishmahajancrm.wordpress.com
    My Youtube Channel: http://www.youtube.com/user/ashishmahajanmscrm

    My Linkedin: View Ashish Mahajan's profile on LinkedIn
    My Twitter: https://twitter.com/#!/ashishmahajan74

    Monday, October 15, 2012 12:26 PM
  • Hi Ashish,

    thanks for your reply. I am familiar with the way the current implementation for session management works. My question is more related to any posssibilities to implement a sliding token-expiry mehanism in Dynamics CRM 2011 IFD.

    From a security perspective, increasing a session timeout to 8 hours is not optimal.

    So I am just wondering if this feature will be added in the future, or if anybody has manged to get this working with some kind of a workaround (like a custom implementation, that renews the token).



    Please mark this reply as an answer and vote it as helpful if it helps you find a resolution to your problem.
    View my latest gallery contribution here.
    Visit my blog here.

    Monday, October 15, 2012 12:31 PM
  • Hi,

    I'd like to do a similar thing, although I'm more interested in a real 'inactivity' timeout. I'm familiar with how the IFD security tokens expire and how CRM asks the user to log-in again before they expire, but that's not the same as an inactivity time-out.

    My customer has a security requirement for an inactivity timeout after 1 hour. That means the user walks away from their PC and the session has expired after one hour.

    Users that are genuinely active shouldn't be asked to re-supply credentials every 1 hour if they're working solid for 4 hours, so auto renewal would be a great option, although I would still want to cap the session time to prevent 'forever' sessions.

    Does any of this functionality exist?



    • Edited by PMulhearn Thursday, November 8, 2012 12:14 PM
    Thursday, November 8, 2012 12:08 PM
  • I'm also looking for a sliding expiration example in CRM 2011.  Has anyone done this?



    Tuesday, March 11, 2014 5:53 PM
  • Has anybody had any joy with this?

    It would be nice to have an answer from Microsoft as to whether sliding sessions are supported in CRM 2011, 2013 or even 2015.

    Any reason to upgrade :)


    Musings on Information Technology

    Thursday, May 28, 2015 9:51 AM
  • UP!

    I have exactly the same question. Is it possible to do this in CRM (2015 in my case)?

    I can't find any information on technet. The answer given by Ashish here is useless, the tokenlifetime of ADFS is not related to sliding session.


    Tuesday, October 20, 2015 11:28 AM
  • CRM doesn't have any mechanism for managing sliding sessions - all it does is use the token expiry from ADFS

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Tuesday, October 20, 2015 1:10 PM