Managing User Sessions

Use the Session Table, located in Sessions, under the User Management section of the Admin page to view a list of all the users currently logged in to your Sisense account.

The Sessions Tables provides the following information about currently logged-in users:

  • Username: The Sisense username
  • Name: The user's first and last name
  • Domain: The part of the user's email address after the @ sign
  • Current Sessions: The number of sessions the user has open
  • Session Duration: The amount of time from the first session until now

The Session Table is useful for monitoring who is currently logged in and who might be abusing their license. For example, if you need to declare some downtime, you can view the currently logged in users and end their sessions manually by revoking their session.

If you believe that a user is abusing their license, you can check the Current Sessions column to see how many sessions they currently have open. Users can open multiple tabs in their browser to open multiple sessions, or by sharing their account information with other users. To view which users have the most sessions currently open, click the Current Sessions table heading, which sorts it numerically.

Note:

User session in Sisense Mobile aren't included in the Session Table.

Revoking a Session

From the Session Table, you can revoke a user's session. Revoking the session ends the user's current session. It doesn't revoke the user's API tokens.

When a user's session ends, the next time the user tries to perform an action in Sisense , a message is displayed that the session has ended and your users are prompted to log in again.

To revoke a session:

  1. In the Admin tab, click Sessions Table in the menu.
  2. Locate the relevant user in the Session table. You can click
    and enter the user's information in the Search field to locate the user quickly. As you begin to type, the results are filtered.
  3. For the relevant user, click and confirm that you want to revoke the session by clicking Revoke. The next time the user performs an action in Sisense , they're redirected back to the Login page.

Setting Session Inactivity Timeouts

When a user signs into Sisense, a session cookie is stored in their browser. The session cookie allows the user to remain logged in and authenticated even after ending a session for seven days.

For security reasons, you might want to end your user's session sooner. Sisense provides two methods for ending a user session, according to the user's cookie or by the amount of session inactivity as recorded by Sisense.

When a user's session ends, the next time the user tries to perform an action in Sisense , a message is displayed that the session has ended and they're prompted to log in again.
After making any changes to your users' session timeout settings, all of your users' sessions are terminated and they're required to log in again.

If you have implemented SSO, your users will be logged out and redirected to the IdP to re-authenticate.

To set the session inactivity timeouts:

  1. In Sisense , open the Admin tab and click Security Settings.
  2. In the Session Management area, select the method you want to use for defining when a user's session ends:

Cookie

Define how much time must pass before a user's session is ended, according to the user's cookie. This is the default behavior for Sisense .

  1. Expiration(days): The number of days that must pass for a user's session to end. The default is 7 days. You can enter 0 so your users' sessions do not expire, as long as they have the cookie.
  2. Show "Remember Me" checkbox on Login screen: Toggle to remove the Remember Me checkbox from the Login screen. If you disable this option and a user ends a session, they must log in again the next time they try to access Sisense .
  3. Session Inactivity
    Define how many minutes of inactivity must pass before a user or Administrator is logged out.

    Note:

    By selecting this option, you can set a custom session timeout for your Sisense user groups. See Managing User Groups for more information.

  • Default Inactivity Timeout (min.): How much time must pass before a user is logged out. The default is 30 minutes.
  • Admin Inactivity Timeout (min.): How much time must pass before an Administrator is logged out. The default is 30 minutes.

3. Click Save.