SSO Sessions

In SSO, an active user session means the user has successfully logged in once, and the session hasn't expired. The session timeframe is defined when configuring the SSO Service. Session management is crucial for creating within the SSO journey custom login logic based on the session status.

For example, if the session is valid, you can add journey steps that show a redirection message and automatically redirect the user to the required app without requiring credentials. If you have MFA enabled, you can add a journey step that only collects user information, such as a username, to implement a lighter login flow without sacrificing security. If the session has expired, the user will be prompted to re-authenticate.

The SSO model supports multiple SSO sessions per browser, as an SSO session correlates with a Clients-Group. This allows a user to authenticate to clients of different groups, each maintaining its own session context.