Allow user to make only one active login using salesforce? - salesforce

In Salesforce, can we allow a specific user to log in one at a time globally? If he is already logged in to Salesforce, then he should not be able to log in again unless the first active login gets logged off. Is there any way we can achieve this using OOTB?

I don't think this is possible. Sessions in Salesforce can be locked to the original IP address though, which would prevent you from logging in from two different locations. You can also set sessions to have a 15 minute timeout, so if they logged in a second time, after a little bit, the first session would be terminated.

Related

Extract users from two Active Directory groups

I have tried multiple times to get this to work, but I haven't figured it out yet, so I'm asking in here, hoping that someone will be able to help me out.
I am using Atlassian's Bitbucket, Jira and Bamboo and they're all synced with an AD. At the moment I am using my AD user to retrieve all the other users. It works, but it's not optimal, as the password expires every three months, and I have to change the LDAP user login info on all three applications. We have ordered a Service User, where the password doesn't expire, but the problem is that the Service User is in another group.
The picture below shows how the AD is set up. My Service User is in a group called Special Users. I would like to use this user as the login user in the settings. This way I would never have to think about changing password, when my AD password expires.
I would then like to retrieve all the users from the "Normal Users" group.
Let me know if more information is needed.
Thanks.
You could also add multiple user directories pointing to different parts of your Active Directory.
Jira has an internal Crowd out of the box.
You may let Jira connect to the user directory and let all other applications use Jira for authentication.
This would save time by only updating your LDAP password every 3 months on 1 application and having it reflected on all 3 applications.

Azure AD | Conflict when logged in with another Azure Account

I have an ASP.NET MVC application that uses Azure AD and OpenID Connect OWIN middlewares to handle authentication. Everything works fine except for one thing: if a user is already logged in on another Microsoft application, let's say an Office 365 account or maybe a live mail account, when trying to log in they receive a page saying that they are not allowed to log into my app, which is correct, but somehow I need to catch that situation in my code to allow the user to sign in with a different account. Is there a way of doing that? Is this by design? I mean: does the user have to log in with only one live/Azure account at a time? I couldn't find any documentation about this.
As of today there is typically one user at a time, but we will soon support a way for you to select a specific user instead of automatically signing you in with the most recent one.
One way you can work around this today is by injecting the parameter "prompt=login" in your sign-in requests. You can do that in the RedirectToIdentityProvider notifications, similarly to what is shown in http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/ for domain_hint. This will cause the sign-in experience to always start with a fresh prompt even if the user is already signed in. The drawback is that you'll never get SSO this way. Hopefully our account switching feature will become available soon; keep an eye on http://blogs.technet.com/b/ad/ for announcements.

Extjs session management

I wanted to know if there is any way to find out when your session is about to expire while using the class Ext.data.Session, as Ext.data.Session does not provide any event. As per the definition of the class, it is used to store session information with the server data being loaded.
What I want to do in my application is user login session management. That is, when a user logs in it starts a session, and when the session is about to expire I prompt the user that their session is about to expire. Any event performed in the application resets the session timeout time.
I have checked this example on Miami code, but as per the logic, the session will be tracked from the time of logging in. But it won't be updated whenever there is some event in the application. Hence, irrespective of the user performing any event, the user will be prompted that his session is about to expire. This is not helping me, as I need to reset the timer if the user performs some activity.
Let me know if I am driving the question in the right direction, else will rephrase accordingly.
Well, Ext.data.Session and the user login session that you need are two entirely different things.
Ext.data.Session manages data stored in various records in such a way that it ensures consistency, uniqueness of the data and saving data to the server.
Thus, Ext.data.Session cannot be used for your purpose.

How to create single user login page?

I want to create a user account using an ASP page in which only one user can log in to their account. If that page is currently logged in, then no one can log in to that page; only after logout can another user log in to that account.
This may give you a glimpse: in the database you may add a table UserLogin with two fields, UserId and IsLogin. While logging in any user, check the IsLogin status; if it returns true then don't allow the user to log in. If it returns false then allow the user to log in. After a successful login, switch the IsLogin state to true.
Hope I have understood your question.
Darshan Joshi's answer is one way to do it, and if you have a simple enough application it may be sufficient.
Depending on the specifics of your application, you might want to think about different angles.
For example: If more than one distinct page needs to only take one user at a time, I would think about creating a new table with a record for each of these pages. This way, you can set a page as logged-in/in-use using the user's unique ID when someone logs in or accesses the page. When the user logs out/leaves the page (or if their ASP Session expires; users do not always log out cleanly!) you can "unlock" the page again. Not only that, you might reduce database load by searching specifically for the page record rather than any user with a logged-in flag.
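The two answers above, combined into one added example that is not part of either original post: a per-page lock row whose check and set happen in a single UPDATE, plus a lease so a session that never logged out cleanly stops blocking everyone. The `PageLock` table, `LEASE_SECONDS` value and function names are assumptions made for illustration, and SQLite stands in for the application's database.

```python
import sqlite3

LEASE_SECONDS = 900  # assumed idle limit: an older lock counts as abandoned


def open_db():
    # Hypothetical schema: one row per protected page, as the second answer suggests.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE PageLock ("
        "PageId TEXT PRIMARY KEY, UserId TEXT, LastSeen REAL NOT NULL)"
    )
    return db


def try_acquire(db, page_id, user_id, now):
    """Claim page_id for user_id, or refresh the claim. True if the caller holds it."""
    with db:  # commit on success, roll back on error
        # Make sure a row exists for the page; a no-op if it already does.
        db.execute(
            "INSERT OR IGNORE INTO PageLock VALUES (?, NULL, 0)", (page_id,)
        )
        # Check and set in ONE statement: two simultaneous logins cannot
        # both read "free" and then both write "taken".
        cur = db.execute(
            "UPDATE PageLock SET UserId = ?, LastSeen = ? "
            "WHERE PageId = ? "
            "AND (UserId IS NULL OR UserId = ? OR LastSeen < ?)",
            (user_id, now, page_id, user_id, now - LEASE_SECONDS),
        )
        return cur.rowcount == 1


def release(db, page_id, user_id):
    """Clean logout: only the current holder can unlock the page."""
    with db:
        cur = db.execute(
            "UPDATE PageLock SET UserId = NULL WHERE PageId = ? AND UserId = ?",
            (page_id, user_id),
        )
        return cur.rowcount == 1
```

Calling `try_acquire` on each request from the holder refreshes `LastSeen`, so the lease only lapses after real inactivity. The lock is keyed by user ID, as in the answers, so it does not distinguish two browsers of the same user.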

Implementing session management

I'm implementing session management and am currently storing 4 types of info in the db:
user_id
session_id (hash)
insertion_time (for timeouts)
persistency (if user has a persistent cookie)
It is possible for the user to have multiple sessions open with different devices. If the user logs out, how do I know which of those sessions I should delete?
What unique information is usually stored along with the info I've already got? IP address does not really work as it could be shared. Should I store the browser info, but what if it is the same?
You should only use a single session id/hash to recognise a session.
When a user logs in (e.g. with username/password) you will tell them what their session id/hash is.
When a user is browsing, they will tell you their session id/hash for every page load. That's how you know it's an existing logged in user, and not some random new user.
When a user tries to log out, they will still tell you their session id/hash. You can use that to find and delete the correct single session.
You have to store Last access time Last Modify Time of the Session to calculate the Idle time for Session Timeout.
To identify the user session you have to store the browser Id. The browser Id and User Id mapping will lead you to figure out which session of the user you have to delete.
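An added example, not taken from any of the posts above, of the first answer's approach: each device gets its own random session token, the server stores only a hash of it, and logout deletes exactly the row the presented token maps to. It also keeps a last-access time for the idle timeout mentioned in the second answer. The table layout, `IDLE_TIMEOUT` value and function names are assumptions; the columns mirror the fields listed in the question.

```python
import hashlib
import secrets
import sqlite3

IDLE_TIMEOUT = 1800  # assumed idle limit in seconds


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sessions (session_hash TEXT PRIMARY KEY, "
        "user_id TEXT NOT NULL, insertion_time REAL, last_access REAL, "
        "persistency INTEGER)"
    )
    return db


def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()


def login(db, user_id, now, persistent=False):
    """Create one session row per login and return the token for the cookie."""
    token = secrets.token_urlsafe(32)
    with db:
        db.execute(
            "INSERT INTO sessions VALUES (?, ?, ?, ?, ?)",
            (_digest(token), user_id, now, now, int(persistent)),
        )
    return token


def authenticate(db, token, now):
    """Return the user_id for a live session and reset its idle timer, else None."""
    h = _digest(token)
    with db:
        row = db.execute(
            "SELECT user_id, last_access FROM sessions WHERE session_hash = ?", (h,)
        ).fetchone()
        if row is None:
            return None
        if now - row[1] > IDLE_TIMEOUT:
            db.execute("DELETE FROM sessions WHERE session_hash = ?", (h,))
            return None
        db.execute("UPDATE sessions SET last_access = ? WHERE session_hash = ?", (now, h))
        return row[0]


def logout(db, token):
    """Delete only the session this token identifies; returns rows removed."""
    with db:
        cur = db.execute("DELETE FROM sessions WHERE session_hash = ?", (_digest(token),))
        return cur.rowcount
```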
