17.29 Terminating an Existing Authenticated User from the Identity Server

Access Manager provides single sign-on to back-end web servers. These web servers host protected resources that users can access only after they have authenticated to an Identity Server and been authorized by the Access Gateway. After parsing the user's credentials and validating them against a back-end user store, the Identity Server creates and maintains an active session for that user. The session is removed only when the user logs out of the Identity Server or when the session timeout expires. Because continued access to protected resources before the timeout expires keeps the session alive, a user who keeps accessing protected resources can keep the session active indefinitely.

Use case: In some situations you need to terminate an authenticated user's session. Examples include:

  • User A, who currently has an active session on the Identity Server and access to many protected resources, has had a designation change within the organization that changes the resources available to him. The roles and attributes held in his existing session were retrieved when he authenticated, so forcing user A to log out and log in again lets the Identity Server retrieve his new roles and attributes and use them in Access Manager policy evaluations that reflect his new position.

  • User B, who currently has an active session on the Identity Server and access to many protected resources, has been asked to leave the organization, and all access to protected resources must be removed. Terminating user B's session on the Identity Server means that any subsequent request to the Identity Server requires the user to log in again. Termination alone does not prevent a new login, so also disable or remove the account in the back-end user store so that re-authentication fails.
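As an added illustration of the session lifecycle these use cases rely on (example code, not Access Manager code), the following Python model implements a session store with a sliding inactivity timeout, a role snapshot taken at authentication time, and an administrative terminate that cascades to the service providers the session touched. Every name in it (SessionStore, Session, login, access, terminate_user) and the sample users alice and bob are assumptions made for this example.

```python
"""
Toy model of an SSO identity server's session store, added here to illustrate
the lifecycle described above. This is example code, not Access Manager code:
the SessionStore/Session names, the user-store layout, and the sample users
are assumptions made for this illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class Session:
    user: str
    roles: frozenset                      # snapshot taken at authentication time
    last_activity: float                  # clock value of the most recent request
    service_providers: Set[str] = field(default_factory=set)  # SPs given an identity


class SessionStore:
    """A session ends only by logout, admin termination, or inactivity timeout."""

    def __init__(self, user_store: Dict[str, dict], inactivity_timeout: float):
        self.user_store = user_store      # user ID -> {"enabled": bool, "roles": set}
        self.timeout = inactivity_timeout
        self.sessions: Dict[str, Session] = {}           # session ID -> Session
        self.sp_sessions: Set[Tuple[str, str]] = set()   # (SP name, session ID)
        self._next_id = 0

    def login(self, user: str, now: float) -> Optional[str]:
        """Validate against the user store and open a session; None if the
        account is unknown or disabled."""
        entry = self.user_store.get(user)
        if entry is None or not entry["enabled"]:
            return None
        self._next_id += 1
        sid = f"sess-{self._next_id}"
        # Roles are read once here; later changes in the user store are not seen.
        self.sessions[sid] = Session(user, frozenset(entry["roles"]), now)
        return sid

    def access(self, sid: str, sp: str, now: float) -> Optional[frozenset]:
        """A request via service provider `sp`. Returns the session's role
        snapshot, or None if the session is gone or has timed out."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        if now - sess.last_activity > self.timeout:
            del self.sessions[sid]        # inactivity expiry
            return None
        sess.last_activity = now          # activity resets the timeout window
        sess.service_providers.add(sp)
        self.sp_sessions.add((sp, sid))
        return sess.roles

    def logout(self, sid: str) -> None:
        self._drop(sid)

    def terminate_user(self, user: str) -> int:
        """Admin action: drop every session of `user` and the sessions it
        produced at trusted service providers. Returns the number dropped."""
        sids = [s for s, sess in self.sessions.items() if sess.user == user]
        for sid in sids:
            self._drop(sid)
        return len(sids)

    def _drop(self, sid: str) -> None:
        sess = self.sessions.pop(sid)
        for sp in sess.service_providers:
            self.sp_sessions.discard((sp, sid))


def demo() -> dict:
    """Walk through the cases from the text on constructed sample users."""
    users = {"alice": {"enabled": True, "roles": {"staff", "finance-reader"}},
             "bob": {"enabled": True, "roles": {"staff"}}}
    store = SessionStore(users, inactivity_timeout=600)   # 10-minute timeout
    out = {}

    # Continuous access before the timeout keeps a session alive indefinitely.
    sid = store.login("alice", now=0)
    for t in range(0, 36000, 300):        # one request every 5 minutes for 10 hours
        assert store.access(sid, "gateway", now=t) is not None
    out["alive_after_10h"] = sid in store.sessions

    # User A: a role revoked in the user store is invisible to the live session ...
    users["alice"]["roles"] = {"staff"}
    out["stale_roles"] = "finance-reader" in store.access(sid, "gateway", now=36000)
    # ... until the session is terminated and the user logs in again.
    store.terminate_user("alice")
    out["after_terminate"] = store.access(sid, "gateway", now=36000)
    out["fresh_roles"] = store.access(store.login("alice", now=36000), "gateway", now=36000)

    # User B: termination also drops the SP-side sessions, but it does not stop
    # a new login; disabling the account in the user store does.
    sid_b = store.login("bob", now=0)
    store.access(sid_b, "saml-sp", now=1)
    out["bob_dropped"] = store.terminate_user("bob")
    out["bob_sp_left"] = [p for p in store.sp_sessions if p[1] == sid_b]
    out["bob_relogin_enabled"] = store.login("bob", now=2) is not None
    users["bob"]["enabled"] = False
    out["bob_relogin_disabled"] = store.login("bob", now=3)
    return out
```

Running demo() shows the three behaviours the text relies on: a session that is touched every five minutes never hits the ten-minute timeout, a role revoked in the user store stays in the live session's snapshot until the session is terminated and the user logs in again, and terminating a user removes both the Identity Server session and the service-provider sessions it produced while leaving the account itself able to log in again until it is disabled.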

The User Sessions page in the Administration Console lets you find the users logged in to your system and terminate their sessions if required. It lists the active user details for each Identity Server. You can search for a user by user ID and terminate that user's sessions.

  1. In the Administration Console, click Auditing > Troubleshooting > User Sessions.

  2. Specify the user ID and click Search. If a match is found, the page lists the IP address of each Identity Server on which the user has sessions, together with those sessions.

  3. Click Terminate Sessions to terminate the sessions of the specific user.

    After you perform this procedure, the user's sessions are terminated on the Identity Server and on any trusted service provider to which it provided an identity during the session, for example an Access Gateway or a SAML 2.0 service provider.

    NOTE: User details are fetched once per Administration Console session, and the date of the last update is displayed. To refresh the data, click Refresh.