Best Practice: User Sessions within Aclaimant

As of August 24th, 2023 Aclaimant introduced added functionality around user sessions. In an event that a user has existing sessions, you will now be prompted with a toast message that informs you of multiple active sessions across devices. As a user, you will be able to revoke any session by selecting the Revoke button next to the IP Address and see what session is still active.

image.png

Why?

It is a common and important IT security practice to ensure that users know that there may be multiple sessions (or users logged in under their ID) running at one time. The lack of insight into a user's account sessions becomes a problem if a session is somehow stolen, an ID and a password are obtained, or an account is otherwise compromised.

If multiple sessions are allowed without notification to the user, there is no way for the user to know that their account has been compromised. Aclaimant now informs users and allows for the termination of active sessions in the event that these alternative sessions have been compromised.

 

image.png

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.