Okta Classic Engine | Authentication | Answered | 2024-04-15T12:27:38.000Z | 2022-09-14T23:25:35.000Z | 2022-09-15T20:56:55.000Z

d897u (d897u) asked a question.

What happens to the old Okta session after the user logs in to the application because of a SAML request with ForceAuthn=true?

We want the user to authenticate every time the user logs out; hence, he/she should be given a login prompt. We have implemented this by setting ForceAuthn=true in the SAML request sent on application logout.

 

The query is:

a) After re-login, is a brand new session created?

b) If yes, does the old Okta session expire immediately?

c) Is there a way for the user to be given the old Okta session on re-login when ForceAuthn=true?

 

 

 


  • Mihai N. (Okta, Inc.)

    Hi @d897u (d897u), thank you for reaching out to the Okta Community!

     

    This subject is tangentially discussed here as well. 

    Application logout does not end the Okta session unless you explicitly configured Single Log-out. 

    The Okta session ends when the user triggers a logout from the Okta dashboard, when the lifetime expires as per the Sign-on policy configuration, or when it is triggered by an admin.

    The Honor Force Authentication (ForceAuth=true) option will just prompt the user to re-enter their credentials when attempting to log in to that specific app.

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

This question is closed.
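
Added example, not part of the original thread and not Okta's code: because the answer above says ForceAuthn only prompts for credentials for that app when the IdP honors it, a service provider that depends on the re-prompt can compare the assertion's `AuthnInstant` with the time it sent the request. The function names, the 60-second clock skew and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsigned assertion trimmed to the fields used here.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-04-15T12:00:05Z">
  <saml:AuthnStatement AuthnInstant="2024-04-15T12:00:00Z"
      SessionIndex="_constructed-session-1"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a UTC xs:dateTime ('Z' suffix, optional fractional seconds)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_fresh_authn(assertion_xml, request_sent_at, now,
                      skew=timedelta(seconds=60)):
    """Return (fresh, detail) for an assertion answering a ForceAuthn request.

    Assumes the caller has already verified the signature, issuer, audience
    and validity conditions with its SAML library; this adds one check only.
    """
    # Production code should parse untrusted XML with a hardened parser
    # such as defusedxml rather than the stdlib parser used here.
    stmt = ET.fromstring(assertion_xml).find(".//saml:AuthnStatement", NS)
    if stmt is None or "AuthnInstant" not in stmt.attrib:
        return False, "no AuthnStatement/AuthnInstant in assertion"
    try:
        authn_instant = parse_instant(stmt.attrib["AuthnInstant"])
    except ValueError:
        return False, "unparseable AuthnInstant"
    if authn_instant > now + skew:
        return False, "AuthnInstant is in the future"
    # Credentials entered before the request went out mean the IdP answered
    # from an existing session instead of prompting again.
    if authn_instant < request_sent_at - skew:
        return False, "AuthnInstant predates the ForceAuthn request"
    return True, "session index " + stmt.attrib.get("SessionIndex", "(none)")


if __name__ == "__main__":
    sent = datetime(2024, 4, 15, 11, 59, 50, tzinfo=timezone.utc)
    now = datetime(2024, 4, 15, 12, 0, 10, tzinfo=timezone.utc)
    print(check_fresh_authn(SAMPLE_ASSERTION, sent, now))
```

Logging the returned session index on each login lets you compare values across re-logins in your own tenant.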