Session Management
Session Management allows administrators to monitor and control user sessions across the platform, ensuring security and compliance.
Overview
Session management provides:
- Visibility into active user sessions (who, where, when)
- Termination of individual or bulk sessions
- Policy configuration for session duration, idle timeout, and concurrency
- Re-authentication requirements for sensitive actions
What You Can See
The Sessions page shows the following for each active session:
| Field | Description |
|---|---|
| User name and email | Who is logged in |
| Session start time | When the session began |
| Last activity | Most recent action |
| IP address | Source IP |
| User agent / device | Browser and OS information |
| Session status | Active or idle |
Feature Availability
| Feature | Growth | Enterprise |
|---|---|---|
| View Sessions | Yes | Yes |
| Terminate Sessions | Yes | Yes |
| Session Policies | Yes | Yes |
| Advanced Policies | -- | Yes |
Managing Sessions
Access Session Management through the Security Center:
- Navigate to Security in the top bar
- Click on the Sessions tab
- View all active sessions with user, IP, device, and activity details
Terminating Sessions
- Single session: Click the terminate button next to any session
- All user sessions: Select a user and terminate all their sessions at once
- Bulk termination: Filter by inactivity period (e.g., inactive for 24 hours) and terminate matching sessions
Session Policies
Configure session behavior in Settings > Security > Sessions:
| Setting | Description | Recommended |
|---|---|---|
| Max Session Duration | Maximum time before forced logout | 8 hours (480 minutes) |
| Idle Timeout | Inactivity period before automatic logout | 30 minutes |
| Max Concurrent Sessions | Sessions allowed per user | 5 |
| Re-auth for Sensitive Actions | Require password re-entry for settings changes, user deletion, etc. | Enabled |
Next: Learn about Incidents for security incident management.