How to prevent multiple logins of a single user in OAC
Summary:
We are implementing OAC for a large bank where OAC is integrated with IDCS with SSO enabled along with ADFS for user federation. We have a situation where, due to customer security policy, we want to prevent/restrict multiple logins of a single user (from other devices, or the same device but a different browser). The ask is, if the user has an active OAC session and attempts to log in from another device, the earlier session needs to be terminated/signed out.
I understand that session management has been on the IDCS roadmap. However, I want to know if there is any recent update, or if this functionality can be achieved via sign-on policies or by any other means via a workaround?
Version (include the version you are using, if applicable):
OAC - Jul 2022 update
Answers
-
Hi Venkat,
The following can be tried, hopefully.
One can create sign-on rules for the default sign-on policy. The rule prevents any users from signing in to the identity domain if they’re using an IP address that falls within the range of a defined network perimeter.
Reference: https://docs.oracle.com/en-us/iaas/Content/Identity/signonpolicies/managingsignonpolicies.htm
Regards,
Narayanan
0 -
Hi Narayan,
I already explored this option, but it wouldn't work for this requirement. We cannot be definite about the IP ranges of the login users. So if we set this up, it can either accept all IPs or deny access if the IP falls within that IP range.
But it should accept connections if the IP falls in the IP range, and should also not accept more than one IP address login for the same user. Something like: the earlier session (IP/browser) should be terminated before it accepts the new session with the new IP/browser combination.
Regards
Venkat
0