Managing user sessions and tokens
Starting from release 2024.2, administrators can manage individual user sessions and tokens through the Validate portal.
The manage user sessions permission allows you to:
-
log out users from all Validate browser sessions
-
sign out users from all devices by revoking their tokens
Log out user browser sessions
Logging out users from their sessions can be useful when users are logged into Validate from different IP addresses and have reached the limit of two simultaneous open sessions (see Error: Maximum number of open sessions reached).
To log out users from their Validate browser sessions:
-
Navigate to Sessions tab in the Validate portal. A list of users will be displayed.
-
Click the Log out from all Validate browser sessions button next to the user.
Alternatively, you can select Log out all users from all Validate browser sessions to end all user sessions.
Sign out from devices
Signing out users from devices by revoking user tokens is an essential security measure to ensure that unauthorized access to resources is prevented, especially when a user's credentials are compromised or when access needs to be terminated.
When you revoke a user's token, they will be prompted to generate a new one in order to be authorized into Klocwork. This also means that users who selected the "remember me" option will be required to log in again.
To sign out users from all devices:
-
Navigate to Sessions tab in the Validate portal. A list of users will be displayed.
-
Click the Sign out from all devices button next to the user.
Alternatively, you can select Sign out all users from all devices to revoke all user tokens.