How to setup Session Invalidator feature
Last updated
Last updated
This feature invalidates all prior sessions once the user logs in from a new device or location, ensuring that only the current session remains active. It also enhances the security as well.
Follow the below steps to set up Session Invalidator feature
Login to ZTrust Admin Console.
Click on Authentication.
Click on Copy and create a copy of Browser Flow.
Provide any name. For example - Session Invalidation and click on OK.
Delete all except the Session Invalidation Forms.
Click on Add execution.
Click on dropdown for Provider and select - Advanced Session Invalidator.
Provider
Yes
Dropdown
Enter the configuration that is needed.
Click on Save.
For Advanced Session Invalidator, make the requirement as Required.
For Advanced Session Invalidator, click on Actions and then Config.
Mention the MAX Allowed session per user as 1. Enter the other details as required.
Click on Save.
Click on Bindings.
Browser Flow
Yes
Dropdown
Select the process flow as required during Logging in
Registration Flow
Yes
Dropdown
Select the process flow as required during user registration
Direct Grant Flow
Yes
Dropdown
Select the process flow as required during
Reset Credentials
Yes
Dropdown
Select the flow as required during the credentials reset process
Client Authentication
Yes
Dropdown
Select the flow which you want to use for the Client Authentication flow
Click on Browser Flow and select Session Invalidation from the dropdown.
Click on Save.
Session Invalidation feature is configured now.