Max-Age
Some Account Provider protocols (SAML-P, WS-Federation, ...) only provide information during the authentication flow. To confirm that the account is still valid, a user needs to authenticate with the Account Provider even if they choose to authenticate with another linked account. In some scenarios this is not feasible.
Max-Age Parameter
The Max-Age parameter allows for the specification of the number of minutes after which an authentication using the Account Provider becomes stale.
From the user's perspective, the user only needs to reconfirm (authenticate) the account using the Account Provider if the previous authentication was completed more than "Max-Age" minutes in the past.
Example Use Case
A user has an identity with two linked accounts. One is an Office 365 account and the second one is a Smart Card (e.g. e-ID).
If Max-Age is not configured, the user needs to reconfirm (authenticate) both accounts upon each authentication with The Identity Hub.
We want the user to reconfirm both accounts at least once a week. For this we set the Max-Age parameter for the Office 365 Account Provider and the Smart Card to 10080 minutes (7 days).
- User authenticates with Office 365.
- Authentication using Smart Card happened:
  - 6 days ago: User does not need to authenticate with the Smart Card.
  - 10 days ago: User needs to authenticate with the Smart Card after the Office 365 authentication.
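The staleness rule from the use case above, as an added sketch that is not The Identity Hub's own code. The class, function names and the fixed clock are hypothetical; only the 10080-minute value and the two providers come from the page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class LinkedAccount:  # hypothetical model of one linked account
    provider: str
    last_authenticated: Optional[datetime]  # None: never authenticated
    max_age_minutes: Optional[int]          # None: Max-Age not configured


def needs_reconfirmation(account: LinkedAccount, now: datetime) -> bool:
    """True when the account's previous authentication is stale."""
    if account.max_age_minutes is None:
        # Without Max-Age, the account is reconfirmed on each authentication.
        return True
    if account.last_authenticated is None:
        return True
    age = now - account.last_authenticated
    # Stale only when completed more than Max-Age minutes in the past.
    return age > timedelta(minutes=account.max_age_minutes)


def accounts_to_reconfirm(accounts, just_used: str, now: datetime):
    """Providers the user must still authenticate with after signing in
    through `just_used` (that account was confirmed just now)."""
    return [a.provider for a in accounts
            if a.provider != just_used and needs_reconfirmation(a, now)]


WEEK = 10080  # minutes (7 days), the value from the use case
NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)  # constructed clock


def use_case(smart_card_days_ago: int):
    accounts = [
        LinkedAccount("Office 365", NOW, WEEK),
        LinkedAccount("Smart Card",
                      NOW - timedelta(days=smart_card_days_ago), WEEK),
    ]
    return accounts_to_reconfirm(accounts, just_used="Office 365", now=NOW)


if __name__ == "__main__":
    print(use_case(6))   # Smart Card authentication is still fresh
    print(use_case(10))  # Smart Card authentication is stale
```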
Configure Max-Age for Account Provider
- Navigate to the Account Providers Admin Page (https://www.theidentityhub.com/{tenant}/Admin/AccountProvider) of your Tenant and click Edit on the Account Provider. If you don't have a Tenant yet, you can register one for free.
- In the Max-Age field, type the number of minutes before an authentication becomes stale and the user has to reconfirm (authenticate) with the Account Provider.
- Click Save