Multiple Users Accessing Single Concurrent Login Apps Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
David LindoresDavid Lindores 

Multiple Users Accessing Single Concurrent Login Apps

Hello, I am wanting to use the Okta API in assisting with an issue we’ve been having. We have a system where only one concurrent user is to be allowed logged in to an app at a time, when another user logs in the first user is automatically kicked-off. We would like something in place that, ideally, would produce an alert when a log-in is attempted while another user is logged in and provide details such as the Name of the currently logged in user and the Time they logged in. 

I’m not sure the best way to go about this, ideally we would add functionality to the Secure Web Authentication Plugin that would perform this check but I am unsure of the feasablility of this. Another option I was thinking about, is potentially having a ‘dashboard’ of sorts that will display each App along with last sign in date/time and user? The way I was planning on doing this was to use the Events API to get all sign on events that occurred in the last X hours. (e.g. {{url}}/api/v1/events?limit=1000&filter=action.objectType eq "app.auth.sso" and published gt "2017-02-01T12:00:00.000Z") and from that getting the most up to date access to each App and the User that logged in.

However, I would also like a way to know if the user has signed out of the App but when using the Events API to get all signout events, the App the user has logged out from does not appear in the “targets”, is there another way to get this information? Does Okta know if someone is still active on a site or know when they close the tab/browser or only actual sign off events?

Has anyone attempted to create something like this before or does anyone have any pointers before I attempt this? I’ve never used the Okta API before so may be missing something that would prove to be helpful. 
Emanuel CostisorEmanuel Costisor (Okta, Inc.)
Hi David,
Your approach of using the events API is good if you are looking to create an automatic system to monitor Okta and generate the neccessary reports.
However, Okta evens are limited to Okta actions. For your exact usecase, accessing an app from Okta will generate an event, but signing out of an Okta integrated app is not an Okta event. When it comes to authentication, Okta will only broker it, but after you've successfully signed into the app, Okta has no control and cannot monitor the end app or the user that just signed into it.
If I understood your issue correctly, you are looking for a monitoring system to track the user currently signed into the app (as long as the user logged in through Okta, an Okta log entry will be generated), display this to the next user that wants to sign in (Okta does not have a feature to alart users of such events) and in case the user signed out of the app, allow the next user to sign in (this event is not logged into Okta as explained above).

The solution in this case is to work with the app owners for a more ehanced functionality of the app.