SSO Session Termination
Terminates one or all SSO sessions for a user on request of an external service.
Description
This step terminates one or more active SSO sessions for a given user upon an external service request. When the external service sends a session termination request, this step invalidates the relevant sessions' tokens, requiring the user to log in again.
You can configure the step to terminate either a specific session or all sessions associated with a user: provide a Session ID to target a single session, or a User ID to end all active sessions for that user.
If the step succeeds, it branches to a Complete journey step and terminates the relevant sessions. If it fails, the error is exposed in the `error` output variable, and you can define the desired behavior in your journey logic.
Configuration
Field | Description |
---|---|
Action settings | Defines whether to revoke the session token on a specific session or on all active sessions associated with the user. |
User ID | (when All Sessions is selected) ID of the user whose sessions should be terminated. |
Session ID | (when Specific Session is selected) ID of the SSO session to terminate. |
Example: Terminate all sessions after suspicious activity
A bank uses Mosaic for SSO across its digital channels. An internal session manager monitors user behavior and detects suspicious patterns, such as simultaneous logins from multiple countries.
When such activity is detected, it triggers a backend process that calls a Mosaic journey to terminate all SSO sessions associated with the User ID, using the SSO Session Termination step.
If successful, the user is logged out from all active applications. If not, the journey captures the error and can log it to support downstream logic, notify security teams, or trigger a retry.
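The session-manager side of this scenario could look like the following sketch, which is an added example and not Mosaic code. It flags users whose logins come from more than one country within a time window, then hands each User ID to a caller-supplied `trigger_journey` function with retries. The 10-minute window, the event layout, and `trigger_journey` (a hypothetical stand-in for the backend call that starts the journey, returning `None` on success or an error string) are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed threshold, not a Mosaic setting

# Constructed sample events: (user_id, ISO timestamp, country code)
SAMPLE_LOGINS = [
    ("u-1001", "2024-05-01T09:00:00", "US"),
    ("u-1002", "2024-05-01T09:01:00", "DE"),
    ("u-1001", "2024-05-01T09:04:00", "BR"),
    ("u-1002", "2024-05-01T15:30:00", "FR"),
    ("u-1003", "2024-05-01T09:05:00", "GB"),
    ("u-1003", "2024-05-01T09:06:00", "GB"),
]

def users_to_terminate(logins, window=WINDOW):
    """Return sorted user IDs with logins from 2+ countries inside `window`."""
    by_user = defaultdict(list)
    for user_id, ts, country in logins:
        by_user[user_id].append((datetime.fromisoformat(ts), country))
    flagged = set()
    for user_id, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({country for _, country in events[start:end + 1]}) > 1:
                flagged.add(user_id)
                break
    return sorted(flagged)

def terminate_flagged(logins, trigger_journey, max_attempts=3):
    """Call trigger_journey(user_id) for each flagged user, retrying on error.

    trigger_journey is hypothetical: it returns None on success or an error
    string, mirroring the step's `error` output variable.
    Returns {user_id: None on success, else the last error}.
    """
    results = {}
    for user_id in users_to_terminate(logins):
        error = None
        for _ in range(max_attempts):
            error = trigger_journey(user_id)
            if error is None:
                break
        results[user_id] = error
    return results
```

Any user left with a non-`None` value in the result has exhausted its retries and is the case to log or escalate to the security team.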