Revoking a Remote User Session

This article explains how to revoke a remote user's session so they are forced to reauthenticate for continued access to your network.

Overview

To maintain the compliance of remote users connecting to your network, you can revoke the session of a remote user. After a session is revoked, the remote user is prompted to authenticate in the Client using their configured authentication method. On a Windows device, if the user does not authenticate within 10 minutes, WAN and Internet access is blocked for the remote user. On a macOS device WAN and Internet access is blocked for the remote user immediately.  This reduces the risk of unauthorized access. To regain access, the remote user must authenticate in the Client using their configured authentication method.

By forcing the remote user to authenticate, the Client runs the configured device checks. For more information on the Client connection flow, see Understanding the Cato Client Connection Flow.

Revoking a remote user's session is supported on all authentication methods, IdPs, and all supported Client versions.

Use Case - Stolen Device

A remote user has Always-On enabled and authenticates with SSO with a token duration of 2 weeks. Their device is stolen creating a security risk of up to 2 weeks of unauthorized access. To mitigate the risk, the admin revokes the user's session preventing access to the network from the stolen device.

Use Case - Unusual User Activity

Using the Stories Workbench, analysts at company ABC identified a user who is uploading a large amount of data to a file-sharing application. They are unsure if this action is being taken by the user for legitimate reasons or not. They immediately revoke the user session to force reauthentication on the device. The analysts can then continue their investigation knowing that only a legitimate authenticated user can access the network from the device.

Known Limitations

  • Revoking a remote user's session is not supported for Browser Access.

Revoking a Remote User's Session

Revoking a session helps you maintain control over user access.

To revoke a remote user's session:

  1. From the navigation menu, click Access > Users.

  2. On the Users Directory tab, select the user(s) whose session you want to revoke.

  3. From the Actions drop-down menu, select Revoke Session.

Was this article helpful?

1 out of 1 found this helpful

0 comments

Add your comment