This documentation supports the 18.05 version of Remedy Single Sign-On.

To view the latest version, select the version from the Product version menu.

Invalidating end user sessions

A Remedy Single Sign-On (Remedy SSO) administrator can invalidate the session of a user. A session must be invalidated when the maximum time set for that session elapses. For example, if a maximum session time has been set for a user for a longer period (for example, several months) and the user has left the organization before that. In the case of OAuth, the session token might have been valid for a longer duration and hence session invalidation might be needed.

After a session is invalidated, the user is not informed or logged off from the applications. However, the user must enter the credentials at the Remedy SSO login page when the user accesses a BMC application integrated with Remedy SSO.

Note

You can invalidate a user session only for the AR, LDAP, Local, and OAuth authentication mechanisms. Session invalidation is not supported for SAML and Kerberos authentication mechanisms.


To invalidate a user session for AR authentication

  1. On the Session Report page, locate the required session.
  2. Click Delete in the Action column.

To invalidate a user session for OAuth authentication

  1. On the Server Configuration page, click the Tokens tab.
  2. Locate the required token.
  3. Click Delete in the Action column.

Related topics

Remedy SSO server general configuration

Configuring OAuth 2.0

Was this page helpful? Yes No Submitting... Thank you

Comments