Nextcloud Desktop App Session Lifetime with Entra Conditional Access

Hi everyone,

We’re currently using the Nextcloud desktop app in combination with Microsoft Entra (formerly Azure AD) and Conditional Access policies. Users log in to the desktop app via SSO with MFA.

We’ve encountered an issue where, after changing the Conditional Access policy to mark a particular device as non-compliant, the user’s session in the Nextcloud desktop app continues to work. File sync is still active, and the user can interact with the app as usual—even though the device should now be blocked according to the updated policy.

Our question is:
How long is the session lifetime in the Nextcloud desktop app when using SSO, and is there a way to force re-authentication or session termination when Conditional Access policies change?

Any insight into how session management works in this context would be greatly appreciated.

Thanks in advance!

Any ideas?

We’ve configured the following settings in config.php:

'remember_login_cookie_lifetime' => 1200,
'session_lifetime' => 1150,
'session_keepalive' => false,

However, these settings do not appear to affect the Nextcloud Desktop app. Even after the session expires according to the configured timeouts, the desktop app continues to sync without any issues.

It seems these parameters only apply to the web interface. Has anyone managed to enforce session expiration or token revocation for the desktop app? Any advice or confirmation would be appreciated.

Thanks!