Sessions
Last updated
Last updated
When a user logs into realms, ZTrust keeps a user session active for each individual and remembers every client visited by that user within the session.
This includes actions that can be performed on user sessions, such as revocation and signing out all active sessions.
After clicking on Revocation, you will get the below screen.
In case of a system breach, you have the ability to invalidate all user sessions and access tokens.
It serves as a method to revoke all currently active sessions and access tokens.
The Not Before feature allows you to revoke any tokens issued before a specified date and time.
If you want to set the policy with the current time and date, click on Set to now.
To remove the set time and date, click on Clear to delete it.
If you want to push this revocation policy to any registered OIDC Client using the ZTrust Client Adapter, click on Push.
If you decide not to proceed with any action on the user session after making the above changes, click on Cancel.
Clicking on Sign out all active sessions will sign out all users within the realm, invalidating all Single Sign-On (SSO) cookies.
ZTrust notifies clients about the logout event through the OIDC client adapter.
