IDP initiated Logout and HeartBeat check


#1

Hi

Does Okta support IDP initiated Logout, meaning if I were to log out of Okta, I would also want to be logged out of a SP?
Is there a config in Okta where we could specify a SP endpoint, where I can receive a notification/response so that we can invalidate the user’s SP session?

Can SP make the call to session’s API: GET /api/v1/sessions/:id
In the docs, it says that this is an admin operation and requires an API token.
We wanted to use this API to do a heartbeat check with Okta, to see if user’s Okta session is still valid.
Do you have any other recommendation?

Consider this scenario:

A user logs into Okta, selects SP app from applications and is redirected to SP. User is now terminated from the organization, and loses access to Okta. How would SP know that, so that they can terminate his session with SP app?

Any inputs would be appreciated.


#2

Hello Pavan,

We only support logging out of the SP and then automatically logging you out of Okta, but not logging you out of Okta and all your SPs.


#3

Matt, thank you!

Your thoughts on a question I asked above:

Can a Service Provider (SP) make the call to session’s API: GET /api/v1/sessions/:id
In the docs, it says that this is an admin operation and requires an API token.


#4

Yes, this is an admin operation. However, you should be able to create an API Token and use this with your SP’s call to the session API.
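
An added example, not part of the thread and not Okta's own code: an SP-side heartbeat built on the `GET /api/v1/sessions/:id` call discussed above. It assumes the SP has stored each user's Okta session id next to its own session (the thread does not say how the SP obtains it); `OKTA_ORG`, the store layout and the function names are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from datetime import datetime, timezone

OKTA_ORG = "https://example.okta.com"  # placeholder org URL (assumption)

def fetch_session(okta_sid, api_token):
    """Call GET /api/v1/sessions/:id; return (http_status, body or None)."""
    url = f"{OKTA_ORG}/api/v1/sessions/{urllib.parse.quote(okta_sid, safe='')}"
    req = urllib.request.Request(url, headers={
        "Authorization": f"SSWS {api_token}",  # admin API token, keep it server-side
        "Accept": "application/json",
    })
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

def classify(status, body, now=None):
    """Map an API response to 'valid', 'invalid' or 'unknown'."""
    now = now or datetime.now(timezone.utc)
    if status == 404:                      # session ended, expired or revoked
        return "invalid"
    if status != 200 or not isinstance(body, dict):
        return "unknown"                   # 401/403/429/5xx: token or service issue
    try:
        expires = datetime.fromisoformat(body["expiresAt"].replace("Z", "+00:00"))
    except (KeyError, ValueError, AttributeError):
        return "unknown"
    if body.get("status") != "ACTIVE" or expires <= now:
        return "invalid"                   # design choice: only ACTIVE counts
    return "valid"

def heartbeat(sp_sessions, api_token, fetch=fetch_session, now=None):
    """Drop SP sessions whose Okta session is gone; return the dropped SP ids.

    sp_sessions maps SP session id -> Okta session id (hypothetical store).
    'unknown' results are kept so an Okta outage does not log everyone out.
    """
    dropped = []
    for sp_sid, okta_sid in list(sp_sessions.items()):
        try:
            status, body = fetch(okta_sid, api_token)
        except OSError:                    # network failure: undecided, retry later
            continue
        if classify(status, body, now) == "invalid":
            del sp_sessions[sp_sid]
            dropped.append(sp_sid)
    return dropped
```

Because the token is an admin credential, run the heartbeat only from the SP backend and alert on repeated `unknown` results (for example a revoked token returning 401), since those leave SP sessions alive.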