Universal Logout

Universal Logout lets you terminate users' sessions and their tokens for supported apps when Identity Threat Protection identifies a change in risk.

A user session is the time during which a user is authenticated and authorized to access apps secured by Okta. An app session refers to sessions that an app generates to allow users to access the app's resources.

You can add Universal Logout actions as a response to Post Auth Session and Entity risk policy evaluations. See Post auth session evaluation with Identity Threat Protection and Entity risk policy. You can also manually end a user session from the user risk profile. See End a user session.

Supported apps

The following apps support Universal Logout.

Okta apps

These apps share an identity stack. The user is signed out of all of these apps when Universal Logout is triggered for any of them.

  • Admin Console
  • End-User Dashboard
  • End-User Settings
  • Okta Browser Plugin: When Universal Logout is triggered for this app, the app list appears in the plugin, but users have to reauthenticate if they want to access these apps.

Third-party apps

The permissions required, implementation requirements, and Universal Logout behaviors are different for each of these apps.

Unsupported Okta apps

Universal Logout isn't available for the following Okta applications:

  • Access Gateway
  • Access Requests
  • Identity Governance
  • Privileged Access
  • Workflows

Topics