SSO Sessions
In SSO, an active user session means the user has successfully logged in once and the session hasn't expired. The session timeframe is defined when configuring the SSO Service. Session management is what lets you build custom login logic into the SSO journey based on the session status.
For example, if the session is valid, you can add journey steps that show a redirection message and automatically redirect the user to the required app without requiring credentials. If you have MFA enabled, you can add a journey step that only collects user information, such as a username, to implement a lighter login flow without sacrificing security. If the session has expired, the user will be prompted to re-authenticate.
The SSO model supports multiple SSO sessions per browser, as an SSO session correlates with a Clients-Group. This allows a user to authenticate to clients of different groups, each maintaining its own session context.
Note
The journey step dedicated to detecting user sessions is the Has Valid SSO Session step.
SSO session logout API
The SSO Session Logout endpoint logs the user out from specific sessions. When the client application sends a request to Mosaic's `/ido/api/v2/auth/sso-logout` endpoint, it must include both the `clientId` and `ssoSessionId` parameters to target the specific session for logout.
Details
- Endpoint: `/ido/api/v2/auth/sso-logout`
- Method: POST
- Token: Not required
Parameters
Parameter | Description |
---|---|
`clientId` (mandatory) | The ID of the client initiating the logout request. The system logs the user out of the session associated with this client. |
`ssoSessionId` (mandatory) | The session ID of the session to be removed. This value can be extracted from the ID token (from the `ido_sso_session_id` custom claim) during authentication. |
Example
Below is an example of how to log out a specific session using the `ssoSessionId` parameter:
```bash
curl -i -X POST \
  "https://api.transmitsecurity.io/ido/api/v2/auth/sso-logout?clientId=[CLIENT_ID]&ssoSessionId=[SSO_SESSION_ID]" \
  -H "Content-Type: application/json"
```
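The following Python helper is an added example and is not Mosaic's own SDK code. It shows the two steps the page describes together: reading the `ido_sso_session_id` custom claim out of an ID token received during authentication, and building the `sso-logout` POST with both mandatory query parameters properly URL-encoded. It assumes the ID token has already been signature-verified by the application's OIDC client (the helper only parses the payload), uses the API host from the page's curl example as a default, and constructs an unsigned sample token purely so the parsing can be exercised offline.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Host taken from the page's curl example; a tenant's real API host may differ (assumption).
API_BASE = "https://api.transmitsecurity.io"
LOGOUT_PATH = "/ido/api/v2/auth/sso-logout"
SESSION_CLAIM = "ido_sso_session_id"  # custom claim named on the page


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the '=' padding JWTs omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def extract_sso_session_id(id_token: str) -> str:
    """Return the ido_sso_session_id claim from an ID token's payload.

    Assumption: the token was already signature-verified and its issuer,
    audience and expiry checked by the OIDC client library. This only parses
    the payload and is not a substitute for that validation.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token is not a three-segment JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    session_id = claims.get(SESSION_CLAIM)
    if not isinstance(session_id, str) or not session_id:
        raise ValueError(f"ID token carries no {SESSION_CLAIM} claim")
    return session_id


def build_logout_url(client_id: str, sso_session_id: str, base_url: str = API_BASE) -> str:
    """Build the sso-logout URL; both parameters are mandatory and get URL-encoded."""
    for name, value in (("clientId", client_id), ("ssoSessionId", sso_session_id)):
        if not value:
            raise ValueError(f"{name} is mandatory")
    query = urlencode({"clientId": client_id, "ssoSessionId": sso_session_id})
    return f"{base_url}{LOGOUT_PATH}?{query}"


def logout_sso_session(client_id: str, id_token: str, base_url: str = API_BASE) -> int:
    """POST the logout for the session named in the ID token; returns the HTTP status.

    The page states no token is required, so no Authorization header is sent.
    This performs a live network call and is not exercised offline.
    """
    url = build_logout_url(client_id, extract_sso_session_id(id_token), base_url)
    req = Request(url, method="POST", headers={"Content-Type": "application/json"})
    with urlopen(req, timeout=10) as resp:
        return resp.status


def make_sample_id_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline demonstration only.

    The signature segment is a placeholder; real ID tokens must be verified
    before any claim is trusted.
    """
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.signature-placeholder"


if __name__ == "__main__":
    # Constructed sample: the session ID and client ID are placeholders, not real values.
    token = make_sample_id_token({"sub": "user-123", SESSION_CLAIM: "sess-abc"})
    print(build_logout_url("my-client", extract_sso_session_id(token)))
```

Because the endpoint accepts no token, the `ssoSessionId` value is effectively the credential that authorizes the logout; keep it server-side and never expose it in URLs that end up in browser history or proxy logs beyond this one request.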