Session monitor
The Monitor > IdP Sessions page is a dedicated monitoring page for administrators to oversee and manage authenticated user sessions in real time. It provides visibility into active IdP and IdP proxy sessions.
The session monitor applies to both direct IdP sessions and IdP proxy sessions managed by FortiIdentity Cloud, providing monitoring capabilities of authentication flows within the system. It presents a comprehensive table view of all active sessions, enabling administrators to quickly assess the authentication landscape.
|
The current implementation is for terminating IdP sessions on FortiIdentity Cloud only when FortiIdentity Cloud is configured as the IdP or the IdP proxy. When an IdP session is terminated by the admin, the end users will be prompted for authentication from FortiIdentity Cloud when the SP/RP session timeout expires. |
Viewing basic session information
Each entry in the session monitoring table shows critical information of the sessions organized in a clear, accessible format.
To view basic session information:
-
On the FIC portal, navigate to Monitor > IdP Sessions.
The following shows the information on the IdP Sessions page.
Parameter Description Username The authenticated user identifier User Source The IdP user source to which the user belongs User Type Whether the user is from FIC’s local source or a remote user Session Start Time Timestamp indicating when the session was established Session Expiry Time Timestamp indicating when the session is scheduled to expire
|
By default, the IdP Sessions page only displays the latest 10 sessions. If a session is not listed in the latest 10 sessions, you can use the filter option to search for the session by username or realm. |
Viewing detailed session information
You can select any session from the table to view its details, which include all the basic information plus the following additional insights:
| Parameter | Description |
|---|---|
| Session ID | Session ID of the session details displayed |
| Location & Device | Location and details of the device from which the session originated |
| Timing | Session duration along with the start and expiration time of the session |
| User | Details of the user, such as username and email, from the user attributes |
| Authentication | IdP user source to which the user belongs |
| User Type | Local or Remote |
| Connected Services | The SSO application from which the user session originated |
| View User Attributes | Click the user attributes to display the attributes from the assertion, for example, Username and Email. |
Terminating a session
You can terminate IdP sessions using one of the following ways:
-
In the Monitor > IdP Sessions page, identify the session, click the three vertical dots and select Terminate. A confirmation pops up with the username and session ID. The IdP session of the user will be terminated once you have confirmed it.
-
Select all the sessions to be deleted and click the Terminate button at the top to bulk-delete all the selected sessions.
-
In the details page of a session, click the Terminate Session button to terminate the session.
Search functionality
The Monitor > IdP Sessions page enables you to quickly search for specific sessions by username or realm. The feature comes in handy for rapid investigation and troubleshooting in environments with many concurrent sessions.