Okta AI Agent Access Token Lifetimes Cannot Be Set Below Five Minutes
Overview
Organizations with strict security requirements often attempt to set access token lifetimes to less than five minutes for Artificial Intelligence (AI) agent workloads. Okta restricts the minimum access token lifetime to five minutes system-wide, including for AI agent tokens. This limit applies even when using a Token Inline Hook.
Applies To
- Okta Identity Engine (OIE)
- Okta for AI Agents
- Authorization Server Token Policy
- Token Inline Hook
Solution
Why does Okta restrict the minimum access token lifetime to five minutes?
Okta enforces a five-minute minimum access token lifetime at the platform level, system-wide, including for AI agent tokens. The Token Inline Hook schema accepts lifetime values in seconds, but Okta still enforces the five-minute minimum. Reducing the minimum to below five minutes for AI agent tokens is on the Okta product roadmap. Contact the Okta account team to register this requirement.
How can five-minute tokens and validation logic be used as a workaround?
Manage AI agent token lifetimes by combining five-minute tokens with validation logic and by architecting agent flows to tolerate the minimum lifetime:
- Use five-minute tokens combined with Token Inline Hook validation logic.
- Architect agent flows to tolerate the minimum lifetime.
NOTE: Token lifetime changes affect all clients on the Authorization Server. Evaluate the impact before setting the lifetime to the minimum.
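The workaround above, sketched as an added example (not Okta's code and not part of the original article): decision logic for a Token Inline Hook that validates the requesting agent and its scopes, fails closed, and never requests a lifetime below the five-minute minimum. The client ID, scope allowlist and desired lifetime are constructed values, and the payload field paths are assumptions to verify against Okta's Token Inline Hook reference.

```python
# Added example: Token Inline Hook decision logic as a pure function (no web framework).
# AGENT_SCOPES, DESIRED_LIFETIME_S and SAMPLE are hypothetical, constructed values.
OKTA_MIN_LIFETIME_S = 300   # five-minute platform minimum described in this article
DESIRED_LIFETIME_S = 60     # what a strict policy would like to set (hypothetical)
AGENT_SCOPES = {            # hypothetical allowlist: agent client ID -> permitted scopes
    "0oa_constructed_agent": {"tickets.read", "tickets.comment"},
}


def effective_lifetime(desired_s):
    """Clamp to the minimum so the hook never asks for a value Okta will not honour."""
    return max(int(desired_s), OKTA_MIN_LIFETIME_S)


def handle_token_hook(payload):
    """Return the hook response body for one token request (assumed payload layout)."""
    data = payload.get("data", {})
    protocol = data.get("context", {}).get("protocol", {})
    client_id = protocol.get("client", {}).get("id")
    requested = set(data.get("access", {}).get("scopes", {}))  # keys are scope names

    allowed = AGENT_SCOPES.get(client_id)
    if allowed is None:
        # Fail closed: unknown or missing client ID gets no token.
        return {"error": {"errorSummary": "client is not a registered AI agent"}}
    extra = requested - allowed
    if extra:
        return {"error": {"errorSummary":
                          "scopes not permitted: " + ", ".join(sorted(extra))}}

    # Validation passed: issue the token at the shortest lifetime Okta accepts.
    return {"commands": [{
        "type": "com.okta.access.patch",
        "value": [{"op": "replace", "path": "/token/lifetime/expiration",
                   "value": effective_lifetime(DESIRED_LIFETIME_S)}],
    }]}


# Constructed sample request, trimmed to the fields read above.
SAMPLE = {"data": {
    "context": {"protocol": {"client": {"id": "0oa_constructed_agent"}}},
    "access": {"scopes": {"tickets.read": {"id": "scp_constructed", "action": "GRANT"}}},
}}

if __name__ == "__main__":
    print(handle_token_hook(SAMPLE))
```

Because the issued token still lives for five minutes, the agent flow has to be designed so that a token reused anywhere inside that window is acceptable for the scopes the hook allowed.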
