Enable "Keep Me Signed In" for AD FS 3.0

Keep Me Signed In (KMSI) is widely used in web-based software to give users a login that persists beyond the current session. In AD FS land, Microsoft calls this Persistent SSO. Persistent SSO encapsulates a number of technologies, but the simplest of these is KMSI. KMSI provides a user with a 24-hour cookie, allowing logins to persist across browser sessions for up to a day.

Enable the KMSI checkbox with the following simple command on your Primary AD FS server:

Set-AdfsProperties -EnableKmsi:$true

Easy as that! Run this command and your AD FS login page will update and look something like this:

If you start poking through cookies, you’ll see the validity of the sign-in token change. With KMSI off, the cookie is only valid for this session:

With KMSI on, the cookie is valid for 24 hours from the second it is provided to me:
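To confirm the setting from the server side rather than from the browser, the following added example (not part of the original post) reads the KMSI state back with Get-AdfsProperties, optionally enables it, and warns if the cookie lifetime exceeds a ceiling. The script parameters `-Enable` and `-MaxKmsiMinutes` and the helper `Get-KmsiState` are names made up for this example; the 1440-minute ceiling is an assumed policy value matching the 24 hours described above.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the primary AD FS server.
param(
    [switch]$Enable,               # hypothetical switch: turn KMSI on if it is off
    [int]$MaxKmsiMinutes = 1440    # assumed policy ceiling (1440 min = 24 hours)
)

Import-Module ADFS -ErrorAction Stop

function Get-KmsiState {
    # EnableKmsi and KmsiLifetimeMins are properties returned by Get-AdfsProperties.
    $p = Get-AdfsProperties
    [pscustomobject]@{
        EnableKmsi       = [bool]$p.EnableKmsi
        KmsiLifetimeMins = [int]$p.KmsiLifetimeMins
        KmsiLifetime     = [TimeSpan]::FromMinutes($p.KmsiLifetimeMins)
    }
}

# Record the state before changing anything, so the change is auditable.
$before = Get-KmsiState
Write-Host ("Before: KMSI enabled = {0}, lifetime = {1}" -f $before.EnableKmsi, $before.KmsiLifetime)

if ($Enable -and -not $before.EnableKmsi) {
    Set-AdfsProperties -EnableKmsi:$true
}

# Read the properties back instead of assuming the change was applied.
$after = Get-KmsiState
Write-Host ("After:  KMSI enabled = {0}, lifetime = {1}" -f $after.EnableKmsi, $after.KmsiLifetime)

if ($after.EnableKmsi -and $after.KmsiLifetimeMins -gt $MaxKmsiMinutes) {
    # The lifetime can be lowered with: Set-AdfsProperties -KmsiLifetimeMins <minutes>
    $msg = "KMSI lifetime is {0} minutes, above the {1}-minute ceiling." -f $after.KmsiLifetimeMins, $MaxKmsiMinutes
    Write-Warning $msg
}

# Emit the final state as an object for logging or further checks.
$after
```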

Written on June 25, 2015