When clearing the remote Okta session using the /logout endpoint, it does not remove all the active sessions for the user.
Endpoint I used:
`${issuer}/oauth2/v1/logout?id_token_hint=${idToken}`
User A has logged in to 2 applications secured by Okta using the single sign-on feature. Now, if user A logs out from one application, he should be logged out from both.
Can you please help find a way to clear all the active sessions in Okta?
In the documentation, there is a note that says it does not apply for web sign-in. So it doesn’t end sessions across other browsers, correct? If that is correct, is there another way to do this?
"Note: This operation doesn’t clear the sessions created for web sign in or native applications."
Currently the API does not offer a way to list all the sessions a user may have open. There are two ways that can clear all the user’s sessions though:
The easy but ugly way is to use the API to suspend and then un-suspend the user. Suspending a user clears all their sessions.
The elegant but hard way is to crawl the system log and find the open session ids for the user and then call the sessions API to DELETE them.
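A sketch of the suspend/un-suspend route from the answer above, as an added example that is not code from the thread or from Okta. It uses the Okta Users API lifecycle endpoints with an SSWS API token; the function names and the `OKTA_ORG_URL`, `OKTA_API_TOKEN` and `OKTA_USER_ID` environment variables are assumptions made for illustration.

```python
import json
import urllib.request
from functools import partial


def okta_call(org_url, api_token, method, path):
    """Send one Okta API request with an SSWS token; return parsed JSON or None."""
    req = urllib.request.Request(
        org_url.rstrip("/") + path,
        method=method,
        headers={"Authorization": "SSWS " + api_token,
                 "Accept": "application/json",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def clear_sessions_by_suspend(user_id, call):
    """Suspend then unsuspend user_id. `call(method, path)` performs the request."""
    path = "/api/v1/users/" + user_id
    status = call("GET", path)["status"]
    if status != "ACTIVE":
        # Suspend is only valid for ACTIVE users, and unsuspending an account
        # that was already SUSPENDED would undo someone's deliberate lockout.
        return {"cleared": False, "status": status}
    # Per the answer above, suspending is the step that clears the sessions.
    call("POST", path + "/lifecycle/suspend")
    call("POST", path + "/lifecycle/unsuspend")
    # Confirm the account did not end up locked out.
    status = call("GET", path)["status"]
    if status != "ACTIVE":
        raise RuntimeError("user %s left in status %s" % (user_id, status))
    return {"cleared": True, "status": status}


if __name__ == "__main__":
    import os
    # Assumed environment variable names; the token needs user-admin rights.
    call = partial(okta_call, os.environ["OKTA_ORG_URL"], os.environ["OKTA_API_TOKEN"])
    print(clear_sessions_by_suspend(os.environ["OKTA_USER_ID"], call))
```

The status check matters: running this against an account an administrator suspended on purpose would otherwise re-enable it.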