We use cookies to enhance your experience and measure how the site performs. Choose "Essential Only" to disable analytics. Read our Privacy Policy.

    Odeus Docs

    Session Management

    Manage user sessions and force re-authentication across your workspace for enhanced security control.

    Session Management

    Manage user sessions and force re-authentication across your workspace for enhanced security control.

    Overview

    Session management allows workspace administrators to control active user sessions within Odeus. The primary feature is the ability to invalidate all user sessions at once, forcing every user in the workspace to re-authenticate.

    This capability is essential for maintaining security hygiene and responding quickly to security events that require immediate action across your entire user base.

    Log All Users Out

    The "Log all users out" feature immediately invalidates all active sessions in your workspace. When triggered, every other user will be logged out and required to sign in again. The administrator who triggers the action keeps their session so they can continue managing the workspace.

    When to Use This Feature

    Consider using session invalidation in the following scenarios:

    Security Incidents

    • Suspected unauthorized access to the workspace
    • Compromised user credentials discovered
    • Security breach investigation requiring immediate containment
    • Unusual login patterns or suspicious activity detected

    Policy Changes

    • Updated authentication requirements (e.g., enabling SAML SSO)
    • Changes to IP restrictions that need immediate enforcement
    • New security policies requiring fresh authentication

    Personnel Changes

    • Employee departures where immediate access revocation is needed
    • Organizational restructuring affecting access permissions
    • Contract terminations requiring immediate session closure

    Routine Security Maintenance

    • Periodic session refresh as part of security hygiene
    • After security audits that recommend session rotation
    • Following password policy updates

    What Happens When Triggered

    When you log all users out:

    1. Immediate invalidation: All active sessions across the workspace are immediately invalidated
    2. All other users logged out: Every user except the administrator who triggers the action is logged out
    3. Re-authentication required: Affected users must sign in again using their configured authentication method (password, SSO, etc.)
    4. No data loss: User data, conversations, and settings remain intact

    This action affects all other users immediately. Your own session is preserved so you can continue managing the workspace.

    How to Log All Users Out

    1. Navigate to Security Settings in your workspace
    2. Scroll to the bottom of the page
    3. Click the Log all users out button
    4. In the confirmation dialog, review the warning that all users will need to log in again
    5. Click Log all users out to confirm

    After confirming, you'll see a success message indicating all sessions have been invalidated. You may be redirected to the login page shortly after.

    Best Practices

    Before Invalidating Sessions

    • Communicate with users: When possible, notify users before a planned session invalidation to minimize disruption
    • Verify authentication methods: Ensure all users have working authentication methods configured (especially if you recently changed SSO settings)
    • Check support availability: For large organizations, consider timing session invalidation when IT support is available to help users who encounter login issues

    Security Recommendations

    • Combine with other security measures: Use session invalidation alongside IP restrictions and SAML SSO for comprehensive security
    • Document incidents: Keep records of when and why session invalidation was triggered for compliance and audit purposes
    • Regular rotation: Consider periodic session invalidation as part of your security hygiene routine, especially for sensitive workspaces

    Response to Security Incidents

    When responding to a security incident:

    1. Invalidate sessions first: Immediately log all users out to contain potential threats
    2. Investigate: Review audit logs and identify the scope of the incident
    3. Remediate: Address the root cause (e.g., reset compromised passwords, revoke suspicious access)
    4. Communicate: Inform affected users about the incident and any actions they need to take
    5. Review: After resolution, assess whether additional security measures are needed

    Combining with Other Security Features

    Session management works best when combined with other Odeus security features:

    FeaturePurposeWhen to Use Together
    IP RestrictionsLimit access by network locationAfter updating IP allowlists, invalidate sessions to enforce new restrictions immediately
    SAML SSOCentralized authenticationAfter enabling or modifying SAML configuration, force re-authentication to ensure users sign in through the new method
    SCIM ProvisioningAutomated user managementWhen deprovisioning users via SCIM, session invalidation ensures immediate access removal

    Need Help?

    If you encounter any issues with session management or have questions about security best practices, reach out to [email protected] for assistance.