IDP initiated Logout and HeartBeat check

pavan_recurly · August 31, 2017, 10:51pm

Hi

Does Okta support IDP initiated Logout, meaning if I were to log out of Okta, I would also want to be logged out of a SP.
Is there a config in Okta where we could specify a SP endpoint, where I can receive a notification/response so that we can invalidate the user’s SP session?

Can SP make the call to session’s API : GET /api/v1/sessions/:id
In the docs, it says that this is an admin operation and requires an API token.
We wanted to use this API to do a heartbeat check with Okta, to see if user’s Okta session is still valid?
Do you have any other recommendation?

Consider this scenario :

A user logs into Okta, selects SP app from applications and is redirected to SP. User is now terminated from the organization, and looses access to Okta. How would SP know that, so that they can terminate his session with SP app?

Any inputs would be appreciated.

mraible · September 5, 2017, 6:25pm

Hello Pavan,

We only support logging out of the SP and then automatically logging you out of Okta, but not logging you out of Okta and all your SPs.

pavan_recurly · September 5, 2017, 7:43pm

Matt Thank you !

Your thoughts on a question I asked above :

Can a Service Provider (SP) make the call to session’s API : GET /api/v1/sessions/:id
In the docs, it says that this is an admin operation and requires an API token.

mraible · September 5, 2017, 7:58pm

Yes, this is an admin operation. However, you should be able to create an API Token and use this with your SP’s call to the session API.

system · January 12, 2024, 7:22pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.