This article outlines how administrators may revoke authentication sessions for Mimecast applications.
Overview
When applications register during the authentication process, a device-specific session is created. These authentication sessions are visible via the Mimecast Administration Console in the Users & Groups | Applications | Registered Applications menu.
The Status column reflects the validity of the session:
| Status | Description |
|---|---|
| Active | The authentication session has been active within the timeframe of the Authentication TTL value set in the relevant Authentication Profile. |
| Expired | The authentication session has not been in use within the timeframe of the Authentication TTL value set in the relevant Authentication Profile. Expired entries will remain visible in the Administration Console for 6 months after they have expired. |
| Revoked | An administrator has revoked the authentication session. Revoked entries will remain visible in the Administration Console for six months after they have been actioned. |
Once an authentication session has been revoked, the next time the application is used, all Mimecast application data is removed, and the user is logged out.
Authentication sessions for web applications and portals are not reflected.
Revoking an Authentication Session for a Single User
Examples of how this functionality may be used are:
- A device is lost.
- Where an employee leaves the organization.
To revoke a single or all sessions for a user, follow the steps below:
- In the Mimecast Administration Console, browse to Users & Groups | Applications | Registered Applications.
- Select View By and choose User from the drop-down.
- Use the Search, entering the name of the user.
- Select the relevant authentication session using the checkbox to the left of the entry.
Multiple sessions can be revoked at once by selecting more than one checkbox.
- To revoke the sessions, select Revoke Selected.
- An audit window allows for administrators to enter information relating to the action taken. Examples of use include internal support case reference, HR request details or details relating to the loss of a device, etc.
- Enter audit details as required and select Revoke Selected.
Some level of audit information is required; this field cannot be left blank before continuing.
- The status of the relevant authentication session is now reflected as Revoked.
Revoking Authentication for All Applications and Users
Examples of how this functionality may be used are:
-
-
- Password requirements have changed, and administrators wish for users to authenticate again.
- Applications to which users have access have changed, and administrators wish to remove access immediately.
-
To revoke all authentication sessions, follow the steps below:
- In the Mimecast Administration Console, browse to Users & Groups | Applications | Registered Applications.
- Select Revoke All.
Revoking all sessions cannot be reverted. Doing so will force every user to re-authenticate with every Mimecast application. Only undertake this action if this is the desired outcome.
- An Audit Window allows administrators to enter information relating to the action taken. Examples of use include internal support case reference, HR request details, or details relating to the loss of a device, etc.
- Enter audit details as required and select Revoke Selected.
Some level of audit information is required; this field cannot be left blank before continuing.
Viewing the Audit Detail for a Revoked Session
Audit Log information for a session showing a status of Revoked may be viewed by following the steps below:
- In the Mimecast Administration Console, browse to Users & Groups | Applications | Registered Applications.
- Use the Search field to enter information to locate the relevant session.
- Select the session by clicking on it.
- The Application Binding Properties view opens, and the Note field includes the relevant audit information.
Viewing Sessions by Status
- In the Mimecast Administration Console, browse to Users & Groups | Applications | Registered Applications.
- Select Status and choose either Active, Expired, or Revoked from the drop-down.
Why is the Detail for Some Sessions Blank?
The Session Registration process relies on the application passing this detail to the Mimecast API. If the process is not complete or the application does not pass this data, then an entry will be created, but information such as Application Version and Operating System etc., will be blank.
Comments
Please sign in to leave a comment.