Revoking Application Authentication Sessions

Document created by user.2oEIBdeQKn Expert on Jan 6, 2016Last modified by user.oxriBaJeN4 on Mar 27, 2017
Version 3Show Document
  • View in full screen mode

This article outlines how administrators may revoke authentication sessions for Mimecast applications.

 

Applies To...

 

  • Administrators with access to the Administration | Services | Applications menu in the Administration Console.

 

Overview

 

When applications register during the authentication process a device specific session is created. These authentication sessions are visible via the Administration Console in the Administration | Services | Applications | Registered Applications menu.

 

The Status column reflects the validity of the session:

 

 

Status
Description
ActiveThe authentication session has been active within the timeframe of the Authentication TTL value set in the relevant Authentication Profile.
ExpiredThe authentication session has not been in use within the timeframe of the Authentication TTL value set in the relevant Authentication Profile. Expired entries will remain visible in the Administration Console for 6 months after they have expired.
RevokedAn administrator has revoked the authentication session. Revoked entries will remain visible in the Administration Console for 6 months after they have been actioned.

 

Once an authentication session has been revoked the next time the application is used all Mimecast application data is removed and the user is logged out.

Authentication sessions for web applications and portals are not reflected.

Revoking an Authentication Session for a Single User

 

Examples of how this functionality may be used are:

  • a device is lost
  • or where an employee leaves the organization.

 

To revoke a single or all sessions for a user, follow the steps below:

  1. In the Administration Console, browse to Administration | Services Applications Registered Applications.
  2. Select the View By and choose User from the drop-down.
  3. Use the Search entering the name of the user.
  4. Select the relevant authentication session using the checkbox to the left of the entry.

    Multiple sessions can be revoked at once by selecting more than one checkbox.

  5. To revoke the sessions select Revoke Selected.
  6. An audit window allows for administrators to enter information relating to the action taken. Examples of use include internal support case reference, HR request details or details relating to the loss of a device etc.
  7. Enter audit details as required and select Revoke Selected.

    Some level of audit information is required, this field cannot be left blank before continuing.

  8. The status of the relevant authentication session is now reflected as Revoked.

 

Revoke Authentication for All Applications and Users

 

Examples of how this functionality may be used are:

  • Password requirements have changed and administrators wish for users to authenticate again.
  • Applications to which users have access have changed and administrators wish to remove access immediately.

 

To revoke all authentication sessions, follow the steps below:

  1. In the Administration Console, browse to Administration Services Applications Registered Applications.
  2. Select Revoke All.

    Revoking all sessions cannot be reverted. Doing so will force every user to re-authenticate with every Mimecast application. Only undertake this action if this is the desired outcome.

  3. An audit window allows for administrators to enter information relating to the action taken. Examples of use include internal support case reference, HR request details or details relating to the loss of a device etc.
  4. Enter audit details as required and select Revoke Selected.

    Some level of audit information is required, this field cannot be left blank before continuing.

Viewing the Audit Detail for a Revoked Session

 

Audit log information for a session showing a status of Revoked may be viewed by following the steps below:

  1. In the Administration Console, browse to Administration Services Applications Registered Applications.
  2. Use the Search field to enter information to locate the relevant session.
  3. Select the session by clicking on it.
  4. The Application Binding Properties view opens, the Note field includes the relevant audit information.

Viewing Sessions by Status

 

  1. In the Administration Console, browse to Administration Services Applications Registered Applications.
  2. Select Status and choose either Active, Expired or Revoked from the drop-down.

 

Why is the Detail for Some Sessions Blank?

 

The session registration process relies on the application passing this detail to the Mimecast API. If the process does not complete, or the application does not pass this data, then an entry will be created but information such as Application Version and Operating System etc will be blank.

Attachments

    Outcomes