Modifying the WS Intelligent Hub Timeouts

Posted on by steveidm

When you authenticate into the Workspace ONE Intelligent Hub application, it requests an OAuth Token from Workspace ONE Access. The Access Token is good for 7 days with a refresh token which is good for 30 days.

It is often mistaken that this session is controlled by the Workspace ONE Default Access Policy. The default access policy only controls the browser experience.

If you log into Workspace ONE Access, you can see this under Catalog -> Settings -> Remote App Access -> Templates -> GreenBox-TemplateId

Unfortunately, there is no way to control these token times through the administrative interface. If you really need to change these times, you will need to use the API. Although there is an option to delete, I would not recommend you use it.

I recommend you take a look at my previous blog to get you started using the API.

  1. Using Postman, open a new tab.
  2. Set up your Authorization Header appropriately. See my Postman Blog for help setting this up.
  3. Before we update the settings, lets perform a GET to validate the current settings
  4. Enter “GET” as the HTTP Method
  5. Enter the following for the URL: {{tenant_url}}/SAAS/jersey/manager/api/oauth2apptemplates/GreenBox-TemplateId
    ie. https://dsas.vmwareidentity.com/SAAS/jersey/manager/api/oauth2apptemplates/GreenBox-TemplateId
  6. Click Send. You should see a result similar to below:
  1. Change the HTTP Method to “PUT”
  2. Change the Content-Type Header to “application/vnd.vmware.horizon.manager.oauth2apptemplate+json”
  1. Enter the following in the body:

{
"appProductId": "GreenBox-TemplateId",
"resourceUuid": "00000000-0000-0000-0000-000000000000",
"scope": "email profile user napps openid",
"authGrantTypes": "authorization_code refresh_token",
"authorities": null,
"redirectUri": "awgb://oauth2",
"tokenType": "Bearer",
"length": 64,
"accessTokenTTL": 10,
"refreshTokenTTL": 20,
"refreshTokenIdleTTL": 14400,
"displayUserGrant": false
}
Modify the “accessTokenTTL” and the “refreshTokenTTL” as per your requirement. The TTL is indicated in minutes.

  1. You should receive a successful 200 OK response.

One thought on “Modifying the WS Intelligent Hub Timeouts

  1. Pingback: Workspace ONE Access: Best Practices in Policy Management – Steve The Identity Guy

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s