diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index af043ec69d..023c622125 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -115,11 +115,11 @@ def decode_enterprise_webapp_user_id(jwt_token: str | None):
 # check if sso has been updated
 if auth_type == "external":
 last_update_time = EnterpriseService.get_app_sso_settings_last_update_time()
- if granted_at and datetime.fromisoformat(granted_at) < last_update_time:
+ if granted_at and datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:
 raise Unauthorized("SSO settings have been updated. Please re-login.")
 elif auth_type == "internal":
 last_update_time = EnterpriseService.get_workspace_sso_settings_last_update_time()
- if granted_at and datetime.fromisoformat(granted_at) < last_update_time:
+ if granted_at and datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:
 raise Unauthorized("SSO settings have been updated. Please re-login.")
 return decoded
diff --git a/api/services/webapp_auth_service.py b/api/services/webapp_auth_service.py
index 89dac439a6..7f08bb6231 100644
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@@ -1,5 +1,6 @@
 import random
 from datetime import UTC, datetime, timedelta
+from time import time
 from typing import Any, Optional, cast
 from werkzeug.exceptions import NotFound, Unauthorized
@@ -113,7 +114,7 @@ class WebAppAuthService:
 "session_id": account.email,
 "token_source": "webapp_login_token",
 "auth_type": "internal",
- "granted_at": datetime.now(UTC).isoformat(),
+ "granted_at": int(time()),
 "exp": exp,
 }
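Review bot: On both changed conditions, `datetime.fromtimestamp(granted_at, tz=UTC)` assumes a numeric claim, but tokens minted before this change carry `granted_at` as an ISO string and stay valid until their `exp`; for those the call raises `TypeError`, which presumably surfaces as a server error rather than the intended `Unauthorized`. The `granted_at and` guard also skips the staleness check entirely when the claim is absent or falsy, so such a token is never invalidated by an SSO settings change. Consider failing closed in both branches, e.g. `if not isinstance(granted_at, (int, float)) or datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:`, after confirming that no legitimate token source omits the claim. The comparison also requires `last_update_time` to be timezone-aware, which is not visible here; the function body starts outside the hunk.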
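Review bot: The unit of the `granted_at` claim is an implicit contract with `decode_enterprise_webapp_user_id` in `api/controllers/web/passport.py`, and nothing at the point of issue records it. A comment such as `# epoch seconds (UTC); compared against the SSO settings last-update time when the token is decoded` would keep producer and consumer in step. Truncating to whole seconds errs toward treating a token as older than it is, which fails closed for that comparison. `int(datetime.now(UTC).timestamp())` would give the same value without the new `from time import time` import, whose name reads like the module. The enclosing method starts outside the hunk.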