Identity Cloud

Manage active session quotas

Enabling session quotas allows you to control the maximum number of active sessions a user can have. The quota applies to all active sessions for the same user, and once a user reaches the session limit, the system removes the least recently used session for that user.

You enable session quotas by adding an ESV variable called esv-global-session-quotas-enable-constraints, set to ON. You must add this ESV to each environment (development, staging and production) where you want to enable session quotas.

The default active session limit is 5. This applies to alpha, bravo, and top-level realms, impacting both managed users and admins. If needed, you can adjust the allowed number of active sessions for alpha and/or bravo realms through the Access Management native console.

Enable active session quotas

  1. In the Identity Cloud admin UI, go to Tenant Settings > Global Settings > Environment Secrets & Variables.

  2. Click the Variables tab, and then click + Add Variable.

  3. Enter the following details:

    • Name: global-session-quotas-enable-constraints

    • Type: string

    • Value: ON

  4. Click Save.

If you need to disable active session quotas, delete the ESV or change the Value field to OFF.

Adjust the number of allowed active sessions

You can adjust the number of allowed active sessions for alpha and/or bravo realms.

  1. In the Identity Cloud admin UI, go to Native Consoles > Access Management > Services.

  2. If the session service hasn’t already been added, click Add a Service.

  3. Select Session, and then click Create.

  4. In the Active User Sessions field, enter the number of allowed active user sessions. The default is 5.

  5. Click Save Changes.

Identity Cloud deletes the user’s least recently used session when the value in the Active User Sessions field is reached.

Copyright © 2010-2024 ForgeRock, all rights reserved.