Configure a Concurrent Login Policy

Concurrent Login Policy enables you to configure ActivID AS to limit active sessions to a single session at a time for a single user account. Concurrent Login Policy is configured globally per domain.

When the concurrent login policy is enabled, only one login session is permitted per user. Within the same browser session, different service providers/channels can be accessed for the same user account using the same session.

When the same user tries to access a service provider (for example, ActivID Management Console) from another browser session, the authentication is denied as long as the other session remains opened. The user must wait until the other session is closed or is timed-out.

If a user tries to launch a concurrent login session, the error message “Login is denied. You cannot login as long as your previous session remains open. Logout from the previous session or wait for the session to time out and try again” is displayed.

To configure the Login Policy Session (per domain):

You define the LOGIN_POLICY_SESSION_DUPLICATE_FAIL_<domain> configuration setting in the activid_server.properties file, with one of the following two values:

• True – Authentication Portal calls deny authentication as long as another concurrent login session remains for the same user.

• False – Authentication Portal calls allow concurrent login and federation as per Authentication Portal initial design.