administratively invalidate user's SSO session(s)

Cantor, Scott cantor.2 at
Thu Jan 13 22:54:29 UTC 2022

On 1/13/22, 5:18 PM, "users on behalf of IAM David Bantz" <users-bounces at on behalf of dabantz at> wrote:

>    Got it. That’s actually somewhat helpful in resisting a demand to literally remove existing SSO sessions for a
> user via API.

If you have a developer that wants to reverse engineer what's involved, I can point them at the relevant bits, there's an admin flow that supports generic storage service CRUD operations (localhost of course by default so it's not a threat) and then it's a matter of plowing into the session layout, which is somewhat documented in the design material.

-- Scott

More information about the users mailing list