Select to view content in your preferred language

Portal - view and end active sessions/tokens

1361
1
11-15-2017 02:58 PM
Status: Open
WilliamDeGraw
Regular Contributor

How do you know which users are currently using Portal, at any given moment in time? Which users have an open, active session/token that can be used later in the day or for the next two weeks?

From an admin perspective - it would be great to have an admin tool to view open, active connections (sessions/tokens) and be able terminate or end the session for any number of security reasons. 

Either an employee gives a two week notice or the individual needs to be walked out of a business (immediate job termination), an ArcGIS Enterprise Admin should be able to immediately end a session/token associated with that user.

My current experience: My Organization area in Portal for ArcGIS has a disable option, but it does not end an active session; user is allowed to navigate Portal freely even though an admin disables the Portal account. Only on deletion of the Portal account does the session get immediately expired.

In some organizations, security dictates the technical implementation of technology. This drive the configuration of applications to reduce risk. In the same ballpark, having admin tools to view and control sessions helps reduce risk to integrity and availability of data (part of the CIA of CISSP, ISC2).

1 Comment
Thiago_Nascimento

Great idea! Currently it seems that after providing credentials to users, admins have no way to control or monitor how they use the resources. Who generated a token? Is a token been used to provide access to thirdy-party non-authenticated users? Is a token been used to unfairly consuming resources? Answers to questions like this should be easily acessible to admins.