Programmatically closing SSO session

Currently we have situations where invalidating the existing SSO session(s) for a user could increase security:

These include:

  1. When the user changes their email address
  2. When a user adds MFA
  3. When a user changes their password

We would like to be able to do this via the management API or via a rule as there is no opportunity to redirect browsers to the logout endpoint client side. The redirect can also be stopped so the existing logout endpoint really is not an option from a security perspective.

I noticed other support tickets asking for a similar feature and would like to know if Auth0 has moved forward with this or plans to in the near future.

Kind Regards,

Hi @drose,
a Session Management capability is definitely in consideration and on our product backlog due to its demand, but not yet available and no ETA to provide.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.