Hi everyone, our platform is using Microsoft EntraID as our OIDC provider for authentication. At the moment, we are having issues where we are being logged out every 10 minutes. Steps were followed exactly as described in the official GoodData documentation guide on how to integrate EntraID with the platform. Also, it seems like the tokens aren't refreshing as it should after 1 hour as well. Tried replicating the same issue with other platforms (DBT, Snowflake etc) but had no problems. Does anyone know of the potential cause and a fix for this? Thank you.

Hello Janzen, do you have External Logout turned on in your EntraID? https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings

Hi Janzen, I hope you're doing well. I wanted to check if you’ve had a chance to review the latest update from my colleague Joseph. This information would help us understand the issue better and work towards a solution. Please let us know if you still need our assistance.

Hi Mauricio, apologies for the late response, was awaiting for an answer from the tech team as we do not have direct access to Entra, this is what we have set up

Hi Janzen, I believe you need to check the box for "ID Tokens", could you please try this and let us know if it helps?

@Joseph Heun could we please get some confirmation of the reason why the ID Token is needed here? Just needing an auditable chain of justification. Like I am guessing that when a refresh token gets used and no ID Token is present, then Good Data SPA might treat that as not-authenticated in the absence of the ID Token. Would that be a reasonable assumption we can get confirmed please?

Yes, this is exactly it. You can find the documentation on setting up your own OIDC, HERE

Hi Joseph, looks like it has improved a bit now but will observe this more extensively over the next few days, thanks for your help 🙌

Hi Janzen, glad to hear! If you still encounter any issue, please let us know and if possible provide any related TraceID of the error