T1606.002
SAML Tokens
An adversary may forge SAML tokens with any permissions claims and lifetimes if they possess a valid SAML token-signing certificate.(Citation: Microsoft SolarWinds Steps) The default lifetime of a SAML token is one hour, but the validity period can be specified in the <code>NotOnOrAfter</code> value of the <code>conditions ...</code> element in a token. This value can be changed using the <code>AccessTokenLifetime</code> in a <code>LifetimeTokenPolicy</code>.(Citation: Microsoft SAML Token Lifet...
SaaS, Windows, IaaS, Office Suite, Identity Provider
2 Detections
1 Sources
0 Threat Actors
BY SOURCE
2 elastic
PROCEDURES (1)
Authentication Monitoring: 2 detections
Auto-extracted: 2 detections for authentication monitoring