Managing user sessions and tokens

Starting from release 2024.2, administrators can manage individual user sessions and tokens through the Validate portal.

The manage user sessions permission allows you to:

  • log out users from all Validate browser sessions

  • sign out users from all devices by revoking their tokens

Log out user browser sessions

Logging out users from their sessions can be useful when users are logged into Validate from different IP addresses and have reached the limit of two simultaneous open sessions (see Error: Maximum number of open sessions reached).

To log out users from their Validate browser sessions:

  1. Navigate to Sessions tab in the Validate portal. A list of users will be displayed.

  2. Click the Log out from all Validate browser sessions button next to the user.

    Alternatively, you can select Log out all users from all Validate browser sessions to end all user sessions.

Even if you choose to log out all users, this will not log you out of your own session.

Sign out from devices

Signing out users from devices by revoking user tokens is an essential security measure to ensure that unauthorized access to resources is prevented, especially when a user's credentials are compromised or when access needs to be terminated.

When you revoke a user's token, they will be prompted to generate a new one in order to be authorized into Klocwork. This also means that users who selected the "remember me" option will be required to log in again.

To sign out users from all devices:

  1. Navigate to Sessions tab in the Validate portal. A list of users will be displayed.

  2. Click the Sign out from all devices button next to the user.

    Alternatively, you can select Sign out all users from all devices to revoke all user tokens.

Even if you choose to sign out all users, this will not sign yourself out. In order to revoke your own token, return to the Sessions tab and select the Sign out from all devices button next to your name.