Picture this: the next time you open your mobile banking app, someone is already logged in and it isn’t you. Or, in your IT environment, multiple users are logged into an app and they’re all using the same credentials. One may be a bad guy, but with concurrent logins and no accountability or attribution it’s not easy to figure out which one. When a worst-case scenario erupts, suddenly your company becomes the next security breach headline. One simple way to avoid that nightmare is by limiting concurrent logins.
There are many good reasons to limit the number of times a user can be logged in, but finding a good solution isn’t always easy. Look for options that can be configured to record the session ID immediately after a user authenticates, or that can be configured to capture the sessions during the authentication process itself. This provides a crucial layer of security to protect both your environment and your users.
Also look for a solution that has minimal impact on users. Limiting concurrent logins should not prevent authorized access: forgetting to log out at the office should not stop me from logging in from home.
With CA SSO, we have an option called “Limit Concurrent Login.” In addition to recording session IDs immediately after authentication, or capturing sessions during the authentication process, it is flexible enough to allow multiple active sessions – up to a limit. Once a user reaches that limit, it prompts the user that the oldest active session will be terminated. If you don’t have this capability now, we can deploy a packaged work product (PWP) add-on that also delivers extra peace of mind.
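The policy described above (record the session ID as soon as authentication succeeds, allow sessions up to a limit, then terminate the oldest after prompting the user) can be sketched as follows. This is an added example, not CA SSO or PWP code; the `SessionRegistry` class, the `confirmed` flag and the in-memory store are assumptions made for illustration.

```python
import secrets
import threading
import time


class SessionRegistry:
    """Hypothetical in-memory registry enforcing a per-user session limit."""

    def __init__(self, limit=2):
        if limit < 1:
            raise ValueError("limit must be at least 1")
        self.limit = limit
        self._lock = threading.Lock()  # two simultaneous logins must not both pass the check
        self._sessions = {}            # user -> {session_id: created_at}, oldest first

    def login(self, user, confirmed=False):
        """Call once authentication has succeeded. Returns (new_id, evicted_id)."""
        with self._lock:
            active = self._sessions.setdefault(user, {})
            # dicts keep insertion order, so the first key is the oldest session
            oldest = next(iter(active)) if len(active) >= self.limit else None
            if oldest is not None and not confirmed:
                # Caller should prompt the user, then retry with confirmed=True
                raise PermissionError("limit reached: oldest session will be terminated")
            if oldest is not None:
                del active[oldest]
            sid = secrets.token_urlsafe(32)  # unguessable ID, recorded immediately
            active[sid] = time.time()
            return sid, oldest

    def is_active(self, user, sid):
        """Check on every request; an evicted session must fail here."""
        with self._lock:
            return sid in self._sessions.get(user, {})

    def logout(self, user, sid):
        with self._lock:
            self._sessions.get(user, {}).pop(sid, None)


if __name__ == "__main__":
    reg = SessionRegistry(limit=2)
    office, _ = reg.login("alice")   # constructed sample user
    phone, _ = reg.login("alice")
    home, evicted = reg.login("alice", confirmed=True)
    print("evicted office session:", evicted == office)
```

Because the limit check and the insert happen under one lock, two logins arriving at the same moment cannot both slip under the limit.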
The next time you wake up in a cold sweat from that dream where your users are sharing credentials, or you envision failing a compliance audit because access isn’t attributable to an individual user, don’t worry – there’s an app for that. The CA SSO Limit Concurrent Login PWP.
Senior Services Architect Gary Figg hosted a complimentary live webcast on February 23. During the webcast, Gary provided an in-depth look at the CA SSO Limit Concurrent Login PWP. View the replay.
What nightmares have you had with concurrent logins? Share your experiences in the comments below.