Guides

Guides

✨ New navigation now live! ✨

Get Started

Create applications

Get client access tokens

Get ready for deployment

B2C Identity

Users

Devices

Email and phone verification

Single Sign-On (SSO) & Federation

Configure SSO Service

Manage SSO authentication policy

Quickstarts

Manage SSO sessions

SSO session logout

Manage SSO sessions externally

Authentication & Authorization

OIDC & OAuth 2.0

FAPI 2.0

Hosted login

Login

Decoupled login flows

Multi-factor authentication

Consent for third-party services

Delegate access to users

Account recovery with Temp Code

Transactions

Sessions & access

Authentication Hub

Fraud Prevention

How it works

Risk detection & mitigation flow

Integration best practices

Quickstarts

Third-party integrations

Test your integration

Plan deployment

Improve risk detection

Security insights

Use case guides

Identity Verification

How it works

Customize experience

Add restriction criteria

Document verification

Face authentication

Analyze and improve verification

B2B Identity

Manage hosted flows

Manage access by roles

Identity federation

Automated Workflows

How it works

Getting started

Node library

Platform Administration

Apps and clients

Management apps

Resources

Admin Portal access

Email/SMS providers

Conversational analytics

Event streaming

Journeys

API Reference

SDK Reference

Developer tools

Manage session lifecycle from external systems

Mosaic supports external session lifecycle control, allowing backend systems within your environment to programmatically terminate or extend user SSO sessions by invoking a journey—without requiring user interaction. This is useful when session management is centralized outside of Mosaic and needs to remain aligned with the session state maintained by Mosaic.

External session control enables backend systems to update session state independently, based on internal logic, monitoring systems, or policy-driven events.

Common use cases include:

A backend service monitors user activity across applications and initiates a logout when risk is detected.
A session manager periodically extends session validity to prevent timeouts during long-running operations.
Centralized session enforcement is required across services that do not directly participate in journey flows.

Mosaic provides the following journey steps to support this integration:

SSO Session Termination : Ends either a specific session or all sessions associated with a user.
SSO Session Keep Alive : Extends the validity of a specific session token or all session tokens associated with a user.