Skip To Content

Specify the default token expiration time

If you're using portal's built-in identity store, a token is used to authenticate members. When a user attempts to access the portal, they provide their user name and password. Portal for ArcGIS verifies the supplied credentials, generates a token, and issues a token to the member.

A token is a string of encrypted information that contains the user's name, the token expiration time, and other proprietary information. When a token is issued to the member, they can access the portal until the token expires. When it expires, the member must provide their user name and password again.

The default expiration time is two weeks (20,160 minutes). Although this may be appropriate for your organization, a token with a longer expiration time is less secure. For example, a token intercepted by a malicious user can be used until the token expires. Conversely, a shorter expiration time is more secure, but members will need to enter their user name and password more frequently.

To change the default token expiration time, follow the steps below. The value you specify applies to all members; you cannot specify different values for specific members.


Signing in using an IDP-initiated SAML login does not honor this value. In this case a hard coded 2 hour token expiration is used.

  1. Sign in to the ArcGIS Portal Directory as an Administrator of your organization. The URL is in the format
  2. Click Portals > Self.
  3. Scroll to the bottom of the page and click Update.
  4. Update the Max Token Expiration Minutes field with the desired value (in minutes). For example, enter 1440 to specify an expiration period of one day.
  5. Click Update Organization to apply your changes.