Skip to main content

Overview

Session management allows workspace administrators to control active user sessions within Langdock. The primary feature is the ability to invalidate all user sessions at once, forcing every user in the workspace to re-authenticate. This capability is essential for maintaining security hygiene and responding quickly to security events that require immediate action across your entire user base.

Log All Users Out

The “Log all users out” feature immediately invalidates all active sessions in your workspace. When triggered, every other user will be logged out and required to sign in again. The administrator who triggers the action keeps their session so they can continue managing the workspace.

When to Use This Feature

Consider using session invalidation in the following scenarios: Security Incidents
  • Suspected unauthorized access to the workspace
  • Compromised user credentials discovered
  • Security breach investigation requiring immediate containment
  • Unusual login patterns or suspicious activity detected
Policy Changes
  • Updated authentication requirements (e.g., enabling SAML SSO)
  • Changes to IP restrictions that need immediate enforcement
  • New security policies requiring fresh authentication
Personnel Changes
  • Employee departures where immediate access revocation is needed
  • Organizational restructuring affecting access permissions
  • Contract terminations requiring immediate session closure
Routine Security Maintenance
  • Periodic session refresh as part of security hygiene
  • After security audits that recommend session rotation
  • Following password policy updates

What Happens When Triggered

When you log all users out:
  1. Immediate invalidation: All active sessions across the workspace are immediately invalidated
  2. All other users logged out: Every user except the administrator who triggers the action is logged out
  3. Re-authentication required: Affected users must sign in again using their configured authentication method (password, SSO, etc.)
  4. No data loss: User data, conversations, and settings remain intact
This action affects all other users immediately. Your own session is preserved so you can continue managing the workspace.

How to Log All Users Out

  1. Navigate to Security Settings in your workspace
  2. Scroll to the bottom of the page
  3. Click the Log all users out button
  4. In the confirmation dialog, review the warning that all users will need to log in again
  5. Click Log all users out to confirm
After confirming, you’ll see a success message indicating all sessions have been invalidated. You may be redirected to the login page shortly after.

Best Practices

Before Invalidating Sessions

  • Communicate with users: When possible, notify users before a planned session invalidation to minimize disruption
  • Verify authentication methods: Ensure all users have working authentication methods configured (especially if you recently changed SSO settings)
  • Check support availability: For large organizations, consider timing session invalidation when IT support is available to help users who encounter login issues

Security Recommendations

  • Combine with other security measures: Use session invalidation alongside IP restrictions and SAML SSO for comprehensive security
  • Document incidents: Keep records of when and why session invalidation was triggered for compliance and audit purposes
  • Regular rotation: Consider periodic session invalidation as part of your security hygiene routine, especially for sensitive workspaces

Response to Security Incidents

When responding to a security incident:
  1. Invalidate sessions first: Immediately log all users out to contain potential threats
  2. Investigate: Review audit logs and identify the scope of the incident
  3. Remediate: Address the root cause (e.g., reset compromised passwords, revoke suspicious access)
  4. Communicate: Inform affected users about the incident and any actions they need to take
  5. Review: After resolution, assess whether additional security measures are needed

Combining with Other Security Features

Session management works best when combined with other Langdock security features:
FeaturePurposeWhen to Use Together
IP RestrictionsLimit access by network locationAfter updating IP allowlists, invalidate sessions to enforce new restrictions immediately
SAML SSOCentralized authenticationAfter enabling or modifying SAML configuration, force re-authentication to ensure users sign in through the new method
SCIM ProvisioningAutomated user managementWhen deprovisioning users via SCIM, session invalidation ensures immediate access removal

Need Help?

If you encounter any issues with session management or have questions about security best practices, reach out to support@langdock.com for assistance.