diff --git a/connector/hsdp/extend_payload.go b/connector/hsdp/extend_payload.go
index 95c48c65a7..999396f5f2 100644
--- a/connector/hsdp/extend_payload.go
+++ b/connector/hsdp/extend_payload.go
@@ -29,8 +29,10 @@ func (c *HSDPConnector) ExtendPayload(scopes []string, payload []byte, cdata []b
 	}
 
 	// Service identities only support their managing org as the trusted org
+	// and token should expire when the service identity token expires
 	if cd.Introspect.IdentityType == "Service" {
 		trustedOrgID = cd.Introspect.Organizations.ManagingOrganization
+		originalClaims["exp"] = cd.Introspect.Expires
 	}
 
 	for _, scope := range scopes {