To secure you service provider, limit the validity period of Security Assertion Markup Language (SAML) 2.0 messages that the service provider receives. However, delays in computer networks and skewed clocks can cause otherwise valid messages to become invalid. Use this procedure to configure how much time before and after the instant the identity provider created the SAML message that the service provider can accept it. The time of message creation is recorded in the SAML message in the IssueInstant attribute.