Access Manager provides the ability for users to single-sign on to back-end web servers. These back-end web servers provide a series of protected resources that users can access only when authenticated to Identity Server and authorized by Access Gateway. Identity Server creates and maintains an active session for that user after parsing the user credentials, and validating credentials against the back-end user store. The user’s active session is removed only when the user manually logs out of Identity Server or if the user’s session timeout expires. If the user continuously accesses protected resources before the session timeout expires, the session can remain active forever.
The following are few scenarios when you may want to terminate an authenticated user:
User A who currently has an active session on Identity Server and access to many protected resources. His designation has been changed within the organization causing a change to resources that may be available. By forcing user A to logout and login again, Identity Server can retrieve user A’s new roles or attributes and Access Manager can use these in policy evaluations to reflect user A’ new position.
User B who currently has an active session on Identity Server and access to many protected resources, has been asked to leave the organization. User B’s all access to protected resources must be removed. By terminating user B’s session on Identity Server, any subsequent requests to Identity Server will require the user to login again.
The User Sessions page in Administration Console helps you to find users logged in to your system and also helps to terminate their sessions if required. It displays the active user details for each Identity Server. You can search for a user with the user ID and terminate the sessions.
In Administration Console Dashboard, click Troubleshooting > User Sessions.
Specify the user ID in upper case and click Search. If a match is found, it lists the IP address of Identity Server and its sessions.
Click Terminate Sessions.
The user sessions are terminated from Identity Server and any other trusted service providers it has provided an identity to during this session. For example, Access Gateway or SAML 2.0 service provider.
NOTE:User details are fetched once per administration session. The last updated date is displayed. To refresh the data, click Refresh.