Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Invalidating end user sessions

A Remedy Single Sign-On (Remedy SSO) administrator can invalidate the session of a user. A session must be invalidated when the maximum time set for that session elapses. For example, if a maximum session time has been set for a user for a longer period (for example, several months) and the user has left the organization before that. In the case of OAuth, the session token might have been valid for a longer duration and hence session invalidation might be needed.

After a session is invalidated, the user is not informed or logged off from the applications. However, the user must enter the credentials at the Remedy SSO login page when the user accesses a BMC application integrated with Remedy SSO.

Note

You can invalidate a user session only for the AR, LDAP, Local, and OAuth authentication mechanisms. Session invalidation is not supported for SAML and Kerberos authentication mechanisms.

To invalidate an end user session AR and OAuth authentication

  1. Log in to the Admin console of Remedy SSO.
  2. From the menu, click Session.
  3. On the Session Report page, locate the required session.
  4. Click Delete in the Action column.

Related topics

Remedy-SSO-server-general-configuration

Configuring-OAuth-2-0

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*