How to setup Session Invalidator feature

This feature invalidates all prior sessions once the user logs in from a new device or location, ensuring that only the current session remains active. It also enhances the security as well.

Follow the below steps to set up Session Invalidator feature

1. Login to ZTrust Admin Console.

2. Click on Authentication.

1. Click on Copy and create a copy of Browser Flow.

1. Provide any name. For example - Session Invalidation and click on OK.

1. Delete all except the Session Invalidation Forms.

1. Click on Add execution.

1. Click on dropdown for Provider and select - Advanced Session Invalidator.

Field Name	Mandatory (Yes/No)	Field Type	Description
Provider	Yes	Dropdown	Enter the configuration that is needed.

1. Click on Save.

2. For Advanced Session Invalidator, make the requirement as Required.

1. For Advanced Session Invalidator, click on Actions and then Config.

1. Mention the MAX Allowed session per user as 1. Enter the other details as required.

1. Click on Save.

2. Click on Bindings.

Field Name	Mandatory (Yes/No)	Field Type	Description
Browser Flow	Yes	Dropdown	Select the process flow as required during Logging in
Registration Flow	Yes	Dropdown	Select the process flow as required during user registration
Direct Grant Flow	Yes	Dropdown	Select the process flow as required during
Reset Credentials	Yes	Dropdown	Select the flow as required during the credentials reset process
Client Authentication	Yes	Dropdown	Select the flow which you want to use for the Client Authentication flow

1. Click on Browser Flow and select Session Invalidation from the dropdown.

1. Click on Save.

Session Invalidation feature is configured now.