
Force login when using OneLogin / SAML

Question asked by Steve Cox on Oct 3, 2016
Latest reply on Oct 11, 2016 by Steve Cox



We're testing SAML authentication via OneLogin and have run into one oddity. (7.6 Pro)


Let's say user1 logs into OneLogin and then picks the SugarCRM application. The user authenticates fine and gets a session set up for Sugar. Now, let's say that user does not log out of Sugar but just closes the browser tab. The user then logs out of OneLogin.


On the same machine, another user (user2) logs into OneLogin and starts a Sugar session. Rather than using SAML to authenticate this new user2, it opens up the previous sessions and that user now has access as user1!


Sharing PCs isn't best practice and we could implement shorter session timeouts to log the first user off - but with other apps that are configured for OneLogin, when user2 logs in and picks an app, those apps are authenticated as user2 (even if user1 has used them immediately before).


Is there a way to force this configuration to re-authenticate for user2?
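
One service-provider-side way to handle the situation described in the question, as an added example that is not part of the original post and is not SugarCRM or OneLogin code: when a validated assertion arrives, compare its subject with the existing application session and discard that session on a mismatch. The session store and function names are hypothetical, and the sketch assumes the assertion actually reaches the application's SAML endpoint and has already been verified.

```python
import secrets

# Constructed in-memory session store standing in for the application's own.
SESSIONS = {}  # session_id -> {"user": str, "idp_session": str}


def start_session(user, idp_session):
    """Create a fresh session bound to the asserted user and IdP login."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "idp_session": idp_session}
    return sid


def handle_assertion(cookie_sid, name_id, session_index):
    """Reconcile an existing session with a freshly validated assertion.

    name_id and session_index are assumed to come from an assertion whose
    signature, audience and validity window were already checked.
    Returns the session id the browser should hold afterwards.
    """
    current = SESSIONS.get(cookie_sid)
    if (current
            and current["user"] == name_id
            and current["idp_session"] == session_index):
        return cookie_sid  # same user, same IdP login: keep the session
    # Different user, or a new IdP login: never reuse the old session.
    SESSIONS.pop(cookie_sid, None)
    return start_session(name_id, session_index)


if __name__ == "__main__":
    # Constructed walk-through of the shared-PC scenario from the question.
    sid1 = handle_assertion(None, "user1", "idp-login-A")
    sid2 = handle_assertion(sid1, "user2", "idp-login-B")
    print("user1 session reused for user2:", sid1 == sid2)
    print("user1 session still alive:", sid1 in SESSIONS)
```

Binding the session to the IdP session index as well as the user means a stale session is also dropped when the same person signs in to the identity provider again.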