Okta Automatic Session Termination on Privilege Change
Privileged Access
Okta Identity Engine
Overview

Initiating a new user session with different (elevated or reduced) permissions will automatically terminate any existing sft session for that user.

Applies To
  • Okta Privileged Access
  • Security Policy
  • Okta Identity Engine (OIE)
Cause

To maintain policy compliance, active sessions are automatically terminated whenever a user’s permissions are elevated or reduced. This occurs when a user is subject to multiple security policies. For example, if a user has an active session with Admin privileges and subsequently initiates a new session with reduced permissions under a different policy, the existing Admin session will be terminated. The same logic applies when transitioning from reduced to elevated privileges.

Please refer to the OPA documentation for specific session management guidelines.

Solution

When a user is assigned to multiple policies for a single resource, any active session must be terminated if a new connection requires a different policy context with elevated permissions.
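The termination rule described above can be modelled as a small session registry. This is an added example, not Okta's code or the OPA API: the class names, policy names and privilege labels are constructed, and scoping the rule to one user on one resource is an assumption taken from the wording of the Solution.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Session:
    sid: int
    user: str
    resource: str
    policy: str      # policy context the session was granted under (hypothetical names)
    privilege: str   # constructed labels such as "admin" or "user"
    active: bool = True


@dataclass
class SessionRegistry:
    sessions: list = field(default_factory=list)
    _ids: count = field(default_factory=count)

    def open(self, user, resource, policy, privilege):
        """Open a session and return (new_session, terminated_sessions)."""
        terminated = []
        for s in self.sessions:
            same_target = s.active and s.user == user and s.resource == resource
            # A different policy context or privilege level counts as a privilege
            # change, whether the new session is elevated or reduced.
            if same_target and (s.policy, s.privilege) != (policy, privilege):
                s.active = False
                terminated.append(s)
        new = Session(next(self._ids), user, resource, policy, privilege)
        self.sessions.append(new)
        return new, terminated

    def active_for(self, user, resource):
        """Sessions still active for this user on this resource."""
        return [s for s in self.sessions
                if s.active and s.user == user and s.resource == resource]


if __name__ == "__main__":
    reg = SessionRegistry()
    admin, _ = reg.open("alice", "db01", "admin-policy", "admin")
    _, ended = reg.open("alice", "db01", "readonly-policy", "user")
    print("terminated:", [s.sid for s in ended])            # the admin session
    print("still active:", [s.sid for s in reg.active_for("alice", "db01")])
```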
