Control User Access from Different Machines

This feature places the limits on a user's access to the OIPA system from multiple machines and multiple browsers. The system allows a user to create multiple sessions to the same environment using the same security credentials. These sessions can be on the same browser, different browsers and different machines, but this feature may limit multiple sessions from any number of machines or multiple browsers from the same machine.

With this feature, the complete gamut of abilities with a single user credentials,

  • can log into different environments, whether on the same machine or different machines.
  • can log into the same environment from the same machine, whether from different browser tabs, different browsers or different windows.
  • cannot log into the same environment from different machines or different browsers from the same machine.

Setting Control

The customer's environment can turn this feature ON or OFF. The feature is backward compatible so existing customers need not make changes to their environments. Single sign-on and non-single sign-on scenarios should be acceptably accommodated.

The feature will be triggered by a PAS.property called "multipleLoginAllowed".

  • When the property is set to "Yes", multiple logins are allowed across any number of machines and/or browsers. The system defaults to "Yes" when the property does not exist.
  • When the property is set to "No", a single login from a single machine and browser is all that is allowed.
    • A single user credential cannot establish multiple sessions into the same environment, whether on the same machine or different machines.
    • If a single user user credential attempts to login while another session is active/valid on another machine or browser, the user will get a pop-up message with "OK" and "Cancel" buttons.
      • If the user continues with the login by selecting "OK", then the old session will be logged out and a new session will be created for the user.
      • If the user does not continue with the login by selecting "Cancel", then the user is brought back to the login page to attempt a different user credential.

Security

This feature's new behavior will prevent the same user credentials from multiple sessions to the same environment at the same time. Once a user has established a session from a machine, the same credentials cannot establish another session.