How to increase the SSO user session duration on AWS

When you enable Single Sign-On (SSO) on your AWS account (using Microsoft ADFS), by default the user session duration is set to last for 60 minutes. You can increase it up to 12 hours. I am taking the steps below on ADFS 2.0 but the same procedure applies to ADFS 3.0:

1- Open the ADFS -> Trust Relationships -> Relying Party Trusts

2- Right click the Amazon Web Services trust -> click Edit Claim Rules

3- Click Add Rule

4- Click Send Claims Using a Custom Rule

5- Enter the following values:

Claim rule name: SessionDuration

Custom rule:

=> issue(Type = "https://aws.amazon.com/SAML/Attributes/SessionDuration", Value = "28800");

The rule above sets the session duration to 8 hours (28,800 seconds).

6- Click Finish, then click OK.
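
To confirm the rule took effect, decode the base64 SAMLResponse that ADFS posts to AWS at sign-in and check the attribute it carries. The Python below is an added example, not part of the original post: the function names and sample responses are constructed here, and the 900-second lower bound is AWS's documented minimum rather than a value from this page. It inspects the attribute only and does not verify the assertion's signature.

```python
import base64
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
DURATION_ATTR = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
MIN_SECONDS = 900       # AWS documented minimum (15 minutes); not stated on this page
MAX_SECONDS = 43200     # 12 hours, the maximum mentioned in the post
DEFAULT_SECONDS = 3600  # 60 minutes, used when the attribute is absent


def session_duration(saml_response_b64):
    """Return (seconds, problems) for a base64-encoded SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    # Collect every value issued for the SessionDuration attribute.
    values = [
        (v.text or "").strip()
        for attr in root.iterfind(".//saml:Attribute", SAML_NS)
        if attr.get("Name") == DURATION_ATTR
        for v in attr.iterfind("saml:AttributeValue", SAML_NS)
    ]
    if not values:
        return DEFAULT_SECONDS, ["attribute absent: session falls back to 60 minutes"]
    problems = []
    if len(values) > 1:
        problems.append("attribute issued %d times: duplicate claim rules?" % len(values))
    if not re.fullmatch(r"[0-9]+", values[0]):
        return None, problems + ["value %r is not a whole number of seconds" % values[0]]
    seconds = int(values[0])
    if not MIN_SECONDS <= seconds <= MAX_SECONDS:
        problems.append("%d s is outside %d-%d s" % (seconds, MIN_SECONDS, MAX_SECONDS))
    return seconds, problems


def _constructed_response(*durations):
    """Build a minimal, unsigned SAMLResponse (constructed sample, not real ADFS output)."""
    attrs = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
        '</saml:Attribute>' % (DURATION_ATTR, d) for d in durations)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:AttributeStatement>%s</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>' % attrs)
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for sample in (_constructed_response("28800"), _constructed_response(),
                   _constructed_response("86400")):
        print(session_duration(sample))
```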
