c2ziv (c2ziv) asked a question.
hi,
Is it possible to implement concurrency rules via OKTA?
If I don’t want more than 100 people to access an application at a single time and we use OKTA for the authentication, can we block user 101 from logging in until there’s space free?
Short version is no. Longer version is also no, but with an explanation of why Okta can't do this. Okta has no sight of the state of your logged in users. It registers that a user has logged in at a point in time, but then redirects the authenticated user to your application. That user can then remain logged in, can logout locally, kill the cookie in their browser, close their browser, shutdown their laptop. Any event that will impact their logged in state happens on the client and Okta has no visibility of that. So it doesn't know if there are 100 logged in or 1000. Or 1. It does have a record of login events to your app, but not whether they are still logged in.
Your app is the only place where the current state is known via sessions.
You could ghetto it up and interogate the Okta logs for the authentication event metrics for your app and then make decisions based on that, but that's not the answer you want. It's also more effort than just have a record of valid sessions in your app and controlling access there.
Thanks for the confirmation, Niall.
That's the same thing I was thinking of. It is the application that can determine how many active connections are there and it is the application where configuration can be made to allow no. of concurrent connections. I was just double-checking.
It's an interesting question though. Okta's job is a point in time response to an authentication request. It sets a session in the cookie, but that is just for the client that performed the authentication. It doesn't ( certainly from an administrator perspective ) maintain the state of the logged in user even for Okta. It relies on the cookie on the client to maintain the logged in state. It doesn't maintain an internal database of the loggedinness ( made up word ) of all the users in the tenant. So extending that out to the apps that are onboarded for SSO is certainly not on the cards.
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
May Okta Community Buzz
Stay ahead of the curve with Okta for AI Agents, new Okta Learning live sessions and labs, shout-outs, and top trending topics—all aimed at enriching your Okta journey.
Short version is no. Longer version is also no, but with an explanation of why Okta can't do this. Okta has no sight of the state of your logged in users. It registers that a user has logged in at a point in time, but then redirects the authenticated user to your application. That user can then remain logged in, can logout locally, kill the cookie in their browser, close their browser, shutdown their laptop. Any event that will impact their logged in state happens on the client and Okta has no visibility of that. So it doesn't know if there are 100 logged in or 1000. Or 1. It does have a record of login events to your app, but not whether they are still logged in.
Your app is the only place where the current state is known via sessions.
You could ghetto it up and interogate the Okta logs for the authentication event metrics for your app and then make decisions based on that, but that's not the answer you want. It's also more effort than just have a record of valid sessions in your app and controlling access there.