Identity Providers (IdPs) play an increasingly important role in managing access to applications and systems, but before they can be utilized for your applications, it is vital to understand how they relate to user sessions.
When allowing users to log into an application via an external Identity Provider, the following situation may occur for users on a shared machine:
- A user (userA) logs into the application and then logs out.
- Another user (userB) then logs into the application, but after logging in still sees the profile of userA.
This happens because logging in to the application establishes two sessions: one on the Okta side and one on the IdP side. When logout is initiated (for example, through the /logout endpoint of an OpenID Connect integration), only the Okta session is ended; the session on the IdP side remains active, so the next user to log in on that machine sees the previous user's profile in the application.
Because a session exists on both the Okta side and the IdP side, both sessions must be closed to log a user out fully. To end the user's IdP session, consult the Identity Provider's documentation for how to terminate the session from its side.
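As an added example (not Okta's code or the page's own), here is the chained logout an application can run in Python: RP-initiated logout at Okta first, then, from the post-logout redirect handler, a second redirect to the external IdP's logout endpoint so that all three sessions (Okta, IdP, and the app's own) are closed. The endpoint URLs, the app's redirect URI and the in-memory session store are constructed placeholders; Okta's `/v1/logout` parameters (`id_token_hint`, `post_logout_redirect_uri`, `state`) are real, while the IdP's parameters are assumed to follow standard OIDC RP-initiated logout and must be checked against that IdP's documentation.

```python
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for this example; none belong to a real tenant or IdP.
OKTA_ISSUER = "https://example.okta.com/oauth2/default"
OKTA_LOGOUT = f"{OKTA_ISSUER}/v1/logout"              # Okta's OIDC end-session endpoint
IDP_LOGOUT = "https://idp.example.org/oidc/logout"     # assumed upstream IdP end_session_endpoint (take it from its discovery document)
APP_POST_LOGOUT = "https://app.example.com/logout/idp"  # must be registered as a sign-out redirect URI in the Okta app
APP_HOME = "https://app.example.com/"


def okta_logout_url(okta_id_token: str, state: str) -> str:
    """Step 1: RP-initiated logout against Okta. This ends only the Okta session;
    Okta then sends the browser to APP_POST_LOGOUT carrying the same state."""
    params = {
        "id_token_hint": okta_id_token,
        "post_logout_redirect_uri": APP_POST_LOGOUT,
        "state": state,
    }
    return f"{OKTA_LOGOUT}?{urlencode(params)}"


def idp_logout_url(idp_id_token: Optional[str] = None) -> str:
    """Step 2: end the session at the external IdP. Parameter names assume OIDC
    RP-initiated logout; some IdPs require id_token_hint, and when Okta brokers
    the login the app may not hold an IdP-issued ID token, so it is optional here."""
    params = {"post_logout_redirect_uri": APP_HOME}
    if idp_id_token:
        params["id_token_hint"] = idp_id_token
    return f"{IDP_LOGOUT}?{urlencode(params)}"


def handle_post_logout(request_url: str, expected_state: str,
                       local_sessions: dict, session_id: str) -> str:
    """Handler for APP_POST_LOGOUT, reached once Okta has ended its session.
    Checks the returned state, drops the app's own session, and returns the
    IdP logout URL the browser must be redirected to next."""
    query = parse_qs(urlparse(request_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this is not a logout the app started")
    local_sessions.pop(session_id, None)  # never keep the app session alive past this point
    return idp_logout_url()
```

The handler clears the application's own session before issuing the second redirect, so even if the user closes the browser mid-chain the app session is already gone.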
