“Token expired” – The authentication token has expired, and the user needs to log in again.


“Token Expired” – Troubleshooting and Resolution Guide

Overview

A “Token Expired” error occurs when an authentication token used for logging in to Microsoft 365, SharePoint, ADFS, or other services has reached its expiration time. Tokens are essential for maintaining secure user sessions without requiring repeated logins.

When a token expires, the user is usually prompted to log in again, but in some cases, persistent expiration issues can disrupt access and require troubleshooting.


Common Causes of Token Expiry Errors

Session timeout exceeded – User remained inactive for too long.
Short token lifetime policies – Organization enforces frequent re-authentication.
ADFS or Azure AD token misconfiguration – Incorrect token expiration settings.
Clock synchronization issues – System time mismatch between client and server.
Multi-Factor Authentication (MFA) conflicts – MFA tokens expiring too soon.
Cached credentials causing authentication failures.
Persistent session cookies expired.
Security policies forcing re-authentication.


Step 1: Log Out and Log In Again

If the issue is caused by a simple session expiration, logging out and back in can refresh the token.

How to Log Out and Log Back In:

  1. Open your web browser and go to the login portal.
  2. Click on your profile icon and select Sign out.
  3. Clear the browser cache and cookies:
    • Google Chrome: Settings > Privacy & Security > Clear Browsing Data
    • Microsoft Edge: Settings > Privacy > Clear Browsing History
    • Firefox: Options > Privacy & Security > Clear Data
  4. Close all browser windows.
  5. Reopen the browser and log in again.

If the error persists, continue to the next steps.


Step 2: Clear Cached Credentials

Sometimes, authentication tokens stored on your device cause issues.

How to Clear Cached Credentials on Windows:

  1. Open Windows Credential Manager:
    • Press Windows + R, type control /name Microsoft.CredentialManager, and hit Enter.
  2. Under Windows Credentials, find any credentials related to:
    • Microsoft Office
    • ADFS
    • SharePoint
    • Azure AD
  3. Click Remove to delete old credentials.
  4. Restart your device and log in again.

If you are using a mobile device, sign out and remove any stored passwords.


Step 3: Verify ADFS or Azure AD Token Lifetime Settings

The expiration of authentication tokens depends on configurations in ADFS or Azure AD.

How to Check Token Lifetime in Azure AD:

  1. Open PowerShell as Administrator.
  2. Connect to Azure AD: Connect-AzureAD
  3. Check token lifetime policies: Get-AzureADPolicy
  4. If the session timeout is too short, increase the token lifetime.

How to Extend Token Lifetime in Azure AD:

  1. Open PowerShell and run: New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"8:00:00"}}') -DisplayName "ExtendedTokenPolicy" -Type "TokenLifetimePolicy"
  2. Apply the new policy: Add-AzureADServicePrincipalPolicy -Id <ServicePrincipalId> -RefObjectId <PolicyId>
  3. Restart the authentication service.

Step 4: Check ADFS Token Lifetime and Update If Necessary

For organizations using ADFS, token lifetimes can be configured.

How to Check ADFS Token Lifetime:

  1. Open PowerShell on the ADFS server.
  2. Run the following command: Get-AdfsRelyingPartyTrust | Select-Object Name, TokenLifetime
  3. The default token lifetime is 60 minutes. If this is too short, extend it.

How to Increase Token Lifetime in ADFS:

  1. Run the following command, which sets the token lifetime to 8 hours (480 minutes): Set-AdfsRelyingPartyTrust -TargetName "Microsoft Office 365" -TokenLifetime 480
  2. Restart ADFS: Restart-Service adfssrv

Step 5: Ensure System Time Synchronization

A time mismatch between your system, ADFS, and Azure AD can cause tokens to expire prematurely.

How to Sync System Time (Windows):

  1. Open Command Prompt as Administrator.
  2. Run the following command: w32tm /resync
  3. Verify the time zone: tzutil /g
  4. If the time is incorrect, update it via Control Panel → Date & Time.

How to Sync ADFS Server Time:

  1. Open PowerShell on the ADFS server.
  2. Run: w32tm /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /update
  3. Restart the Windows Time Service: Restart-Service w32time
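
To tell a real expiry from a clock problem, read the token's own time claims. The PowerShell below is an added example, not part of the original guide or any Microsoft tooling: it decodes the iat, nbf and exp claims of a JWT locally and classifies the result against the checking machine's clock. The names Get-JwtTimeStatus and ConvertFrom-Base64Url, the 300-second skew tolerance and the sample token are assumptions made for illustration.

```powershell
# Added example (not from the original guide). Diagnostic only: the signature is NOT verified.
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    $s += '=' * ((4 - $s.Length % 4) % 4)            # restore the padding JWTs strip
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtTimeStatus {                          # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Token,
        [datetime]$Now = [datetime]::UtcNow,          # clock of the machine doing the check
        [int]$SkewToleranceSeconds = 300              # assumed value; match your validator
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a compact JWT with three dot-separated parts.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $epoch  = [datetime]::new(1970, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
    $Now    = $Now.ToUniversalTime()
    $exp    = $epoch.AddSeconds($claims.exp)
    $nbf    = if ($null -ne $claims.nbf) { $epoch.AddSeconds($claims.nbf) }
    $iat    = if ($null -ne $claims.iat) { $epoch.AddSeconds($claims.iat) }
    $grace  = $exp.AddSeconds($SkewToleranceSeconds)

    $status = if ($nbf -and $Now -lt $nbf) { 'NotYetValid (checking clock is behind the issuer)' }
        elseif ($Now -lt $exp)             { 'Valid' }
        elseif ($Now -lt $grace)           { 'ExpiredWithinSkewTolerance (compare clocks first)' }
        else                               { 'Expired (lifetime or session policy)' }

    [pscustomobject]@{
        Status          = $status
        IssuedUtc       = $iat
        ExpiresUtc      = $exp
        LifetimeMinutes = if ($iat) { [int]($exp - $iat).TotalMinutes }
        SecondsPastExp  = [int]($Now - $exp).TotalSeconds   # negative while still valid
    }
}

# Constructed sample token: made-up claims, dummy signature, 60-minute lifetime.
$epoch    = [datetime]::new(1970, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)
$issued   = [datetime]::new(2024, 1, 15, 9, 0, 0, [DateTimeKind]::Utc)
$iatSec   = [int64]($issued - $epoch).TotalSeconds
$payload  = @{ iat = $iatSec; nbf = $iatSec; exp = $iatSec + 3600 } | ConvertTo-Json -Compress
$toB64Url = { param($t) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($t)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$token    = (& $toB64Url '{"alg":"RS256","typ":"JWT"}'), (& $toB64Url $payload), 'constructed' -join '.'

# Same token seen by four validator clocks, given as minutes after issuance.
foreach ($offsetMin in 30, 62, 90, -4) {
    Get-JwtTimeStatus -Token $token -Now $issued.AddMinutes($offsetMin)
}
```

LifetimeMinutes shows the lifetime the token was actually issued with, which can be compared against the settings from Steps 3 and 4; a longer lifetime also lengthens the period a stolen token stays usable.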

Step 6: Check Conditional Access Policies in Azure AD

Conditional Access Policies may enforce strict re-authentication settings.

How to Check Conditional Access Policies:

  1. Log in to the Azure AD Admin Center.
  2. Navigate to Security → Conditional Access.
  3. Look for policies that enforce session expiration.
  4. If necessary, adjust policies to allow longer authentication sessions.

Step 7: Check Browser and Device Trust Policies

Some organizations require devices to be trusted before maintaining authentication sessions.

How to Check Device Compliance in Intune:

  1. Log in to Microsoft Endpoint Manager: https://endpoint.microsoft.com.
  2. Go to Devices → Compliance Policies.
  3. Check if your device is marked as compliant.

If your device is not compliant, it may be forced to reauthenticate frequently.


Step 8: Contact IT Support or Microsoft Support

If you continue to experience frequent token expiration, report the issue to your IT team or Microsoft Support.

Information to Provide to IT Support:

✔ The exact error message received.
✔ Steps you have already tried.
✔ The last time authentication worked correctly.
✔ Any recent changes to policies or configurations.

