Managing user sessions and tokens

Starting from release 2024.2, administrators can manage individual user sessions and tokens through the Validate portal.

The manage user sessions permission allows you to:

  • terminate a user's Validate sessions

  • revoke user tokens

Terminate user sessions

Terminating user sessions can be useful when users are logged into Validate from different IP addresses and have reached the limit of two simultaneous open sessions (see Error: Maximum number of open sessions reached).

To terminate user sessions:

  1. Navigate to Sessions tab in the Validate portal. A list of users will be displayed.

  2. Click the Terminate sessions button next to the specific user sessions you want to end.

    Alternatively, you can select Terminate all sessions to end all user sessions.

Even if you choose to terminate all sessions, this will not log you out of your own session.

Revoke user tokens

Revoking user tokens is an essential security measure to ensure that unauthorized access to resources is prevented, especially when a user's credentials are compromised or when access needs to be terminated.

When you revoke a user's token, they will be prompted to generate a new one in order to be authorized into Klocwork. This also means that users who selected the "remember me" option will be required to log in again once their browser session expires.

To revoke user tokens:

  1. Navigate to Sessions tab in the Validate portal. A list of users will be displayed.

  2. Click the Revoke tokens button next to the specific user tokens you want to revoke.

    Alternatively, you can select Revoke all tokens to revoke all user tokens.

Even if you choose to revoke all tokens, this will not revoke your own token. In order to revoke your own token, return to the Sessions tab and select the Revoke tokens button next to your name.