diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
index 39cad307c..095a09000 100644
--- a/charts/keycloak/Chart.yaml
+++ b/charts/keycloak/Chart.yaml
@@ -3,7 +3,7 @@ name: keycloak
 description: A Helm chart to deploy keycloak as OIDC provider in openmfp
 
 type: application
-version: 0.62.2
+version: 0.62.3
 appVersion: "1.16.0"
 
 dependencies:
diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md
index e1ae30e04..ca8acad00 100644
--- a/charts/keycloak/README.md
+++ b/charts/keycloak/README.md
@@ -21,7 +21,8 @@ A Helm chart to deploy keycloak as OIDC provider in openmfp
 | crossplane.providerConfig | object | `{"name":"keycloak-provider-config","namespace":"openmfp-system"}` | crossplane provider config |
 | crossplane.providerConfig.name | string | `"keycloak-provider-config"` | name of the client |
 | crossplane.providerConfig.namespace | string | `"openmfp-system"` | client namespace |
-| crossplane.realm | object | `{"displayName":"OpenMFP","name":"openmfp","registrationAllowed":true}` | crossplane realm config |
+| crossplane.realm | object | `{"accessTokenLifespan":"8h","displayName":"OpenMFP","name":"openmfp","registrationAllowed":true}` | crossplane realm config |
+| crossplane.realm.accessTokenLifespan | string | `"8h"` | realm access token lifespan |
 | crossplane.realm.displayName | string | `"OpenMFP"` | realm display name |
 | crossplane.realm.name | string | `"openmfp"` | realm name |
 | crossplane.realm.registrationAllowed | bool | `true` | realm registration allowed |
diff --git a/charts/keycloak/templates/crossplane/realm.yaml b/charts/keycloak/templates/crossplane/realm.yaml
index e3e11db91..a04307633 100644
--- a/charts/keycloak/templates/crossplane/realm.yaml
+++ b/charts/keycloak/templates/crossplane/realm.yaml
@@ -5,7 +5,8 @@ metadata:
   name: {{ .Values.crossplane.realm.name}}
 spec:
   forProvider:
-    accessTokenLifespan: 1h
+    accessTokenLifespan: {{ .Values.crossplane.realm.accessTokenLifespan }}
+    ssoSessionIdleTimeout: {{ .Values.crossplane.realm.accessTokenLifespan }}
     attributes:
       organizationsEnabled: "true"
     displayName: {{ .Values.crossplane.realm.displayName }}
diff --git a/charts/keycloak/tests/__snapshot__/crossplane_test.yaml.snap b/charts/keycloak/tests/__snapshot__/crossplane_test.yaml.snap
index ccefb97b0..7db73ea4f 100644
--- a/charts/keycloak/tests/__snapshot__/crossplane_test.yaml.snap
+++ b/charts/keycloak/tests/__snapshot__/crossplane_test.yaml.snap
@@ -143,7 +143,7 @@ matches the snapshot:
       name: openmfp
     spec:
       forProvider:
-        accessTokenLifespan: 1h
+        accessTokenLifespan: 8h
         attributes:
           organizationsEnabled: "true"
         displayName: OpenMFP
@@ -153,5 +153,6 @@ matches the snapshot:
         realm: openmfp
         registrationAllowed: true
         registrationEmailAsUsername: true
+        ssoSessionIdleTimeout: 8h
       providerConfigRef:
         name: keycloak-provider-config
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
index dd5832b19..d68a8658c 100644
--- a/charts/keycloak/values.yaml
+++ b/charts/keycloak/values.yaml
@@ -28,6 +28,8 @@ crossplane:
     displayName: OpenMFP
     # -- realm registration allowed
     registrationAllowed: true
+    # -- realm access token lifespan
+    accessTokenLifespan: 8h
 
   clients:
     openmfp: