Enabling Session Management

Enable Features in the Profile, Users, and Security sections of the Builder

Once Session Management has been configured, the next step is to enable those features in the Profile, Users, and Security sections of the Builder so that users with permission have the ability to configure and manage user sessions from the Admin Portal.

The features in the Admin Portal that the permission unlocks include the following:

  • Configure Session Management Settings
  • View User Sessions
  • End User Sessions

Enable session management in the Admin portal so that customer accounts can manage user sessions.

Prerequisites

  • Ensure that Session Management has been configured before proceeding with the configuration of the Profile, Users, and Security sections of the Builder see (doc:configure-session-management)
  • Ensure that the appropriate permissions have been assigned to certain user groups (doc:assign-permissions-to-user-groups)

πŸ“˜

Using Sessions in Frontegg SDKs

In order to gain session management features on our frontend SDKs, make sure to use the correct versions:

  • @frontegg/react >= v4.0.27
  • @frontegg/angular >= v4.19.0
  • @frontegg/vue >= v1.0.19
  • @frontegg/next >= v5.8.0

Profile

Enable customer accounts to view and manage sessions in Profile.

960

Enable Privacy & Security

Navigate to Builder ➜ Profile and toggle the Privacy & Security settings to on.

In the Admin Portal, users with permission should now see sessions listed.

πŸ“˜

Log Out of Session

Users can log out of sessions by clicking the log out button for a particular session.

Collaboration

Enable customer accounts to view and manage sessions in Collaboration.

Navigate to Builder ➜ Collaboration and toggle users on.

In the Admin Portal, users with permission should now see a list of users.

Click on a user's menu to sign out the user from all sessions.

Engagement

Enable customer accounts to configure session management settings in Engagement.

Navigate to Builder ➜ Engagement and toggle security on.

In the Admin Portal, users with permission should now see configuration options for session management.

πŸ“˜

Session Duration

The default session duration is 24 hours.

πŸ“˜

Useful links - Development & Production

Follow the link to enter the Permission Management of your Development environment

Follow the link to enter the Permission Management of your Production environment

User sessions

In the admin portal, you can show your customer's users a list of their own sessions. It shows them details on each sessions like session start time, IP Address, location and device. If your users see that one of their sessions are compromised or they left a device somewhere, they can log out individual (or all) sessions from here.

To turn it on, navigate to Builder ➜ Profile and toggle privacy settings on.

In the Admin Portal, all users should now see their live sessions.

Users can log out of individual sessions or all of them at once.

Other User Sessions

Given the right permissions, admins have control over other user's sessions. For example, if a user in a tenant loses access to their devices, an admin can log that user out of all their sessions.

This feature is included in the Users tab of the admin portal.

Navigate to Builder ➜ Collaboration and toggle Users on.

In the Admin Portal, users with permission should now see a list of users.

Each row in the table has an action menu on the right corner.
By clicking on a row's menu you can log out that specific user from all his or her sessions in your app.

Session Settings

Enable customer accounts to configure session management settings in Engagement.

Navigate to Builder ➜ Engagement and toggle security on.

In the Admin Portal, users with permission should now see configuration options for session management under the "Session Management" tab.
This section provides various settings that give customer accounts greater control over the way users can interact with the application.

Some of the settings have a default behavior:

Idle Session Timeout - If not enabled, the default session duration is 24 hours
Force Re-login - Users stay "Logged in" indefinitely
Maximum Concurrent Sessions - A user can log in into your application as many times as they want