Christian Meixner Posted August 15 Posted August 15 Based on this discussion here: I'd like to suggest a feature. Because users, who use OAuth2 based SSO don't have the option to uncheck the "remember me" option when loggin in their session never expires. So they stay logged in forever on every device they ever logged in (if they don't log out manually). I'd like to haven an option in AdminCP, to configure in the OAuth2 SSO configuration, that sessions with this OAuth provider should expire after x hours/days. IPS should than check, if the user is still logged in at the SSO provider. And if not, than terminate the session.
Recommended Posts