Log Users Out of Applications
Enterprise users typically have Single Sign-on (SSO) enabled for multiple applications (e.g., SharePoint, a few .NET applications, a few Java applications, Zendesk). In this case, when users sign out, they often must be signed out of all of their applications.
The logout endpoint in Auth0 works in one of two ways:
- Clears the Single Sign-on (SSO) cookie in Auth0.
- Clears the SSO cookie in Auth0 and signs the user out of the IdP (such as ADFS or Google).
Redirecting users to the logout endpoint does not cover the scenario where users need to be signed out of all of the applications they used. If you need to provide this functionality, you will have to handle it in one of two ways:
- Have short timeouts on your local session and redirect to Auth0 at short intervals to re-authenticate. NOTE: this can be done by calling checkSession from the client, which does this redirect in a hidden iFrame. If you take the hidden iFrame approach you need to be aware of rate limits and third-party cookie issues.
- Handle this entirely at the application level by providing your applications a way to notify all other applications when a logout occurs.
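
The short-timeout approach from the first option, as an added example that is not Auth0's own code: a local session that expires quickly, re-validates through checkSession, stays untrusted until Auth0 confirms it, and spaces out its calls to respect rate limits. The names createLocalSession, makeStubClient, ttlMs and minCheckGapMs are assumptions, and the stub stands in for auth0.js so the block runs offline.

```javascript
// Added example, not Auth0's code. `client` is any object exposing
// checkSession(options, callback), the signature auth0.js WebAuth uses.
// ttlMs and minCheckGapMs are assumed values chosen by the application.
function createLocalSession(client, { ttlMs, minCheckGapMs }) {
  let tokens = null;
  let expiresAt = 0;
  let lastCheckAt = -Infinity;

  function signIn(authResult, now) {
    tokens = authResult;
    expiresAt = now + ttlMs; // short local lifetime forces regular re-validation
  }

  function signOutLocal() {
    tokens = null;
    expiresAt = 0;
  }

  // Calls done() with 'active', 'signed_out' or 'retry_later'.
  function ensureFresh(now, done) {
    if (!tokens) return done('signed_out');
    if (now < expiresAt) return done('active');
    // Local session expired: it is not trusted again until Auth0 confirms it.
    if (now - lastCheckAt < minCheckGapMs) return done('retry_later'); // rate-limit guard
    lastCheckAt = now;
    client.checkSession({}, (err, authResult) => {
      if (!err) {
        signIn(authResult, now);
        return done('active');
      }
      if (err.error === 'login_required') {
        // SSO cookie is gone (logout elsewhere) or the browser blocked it as a
        // third-party cookie; either way, drop the local session.
        signOutLocal();
        return done('signed_out');
      }
      return done('retry_later'); // transient failure: stay untrusted, retry after the gap
    });
  }

  return { signIn, signOutLocal, ensureFresh };
}

// Constructed stub standing in for auth0.js so the example runs offline.
function makeStubClient(results) {
  let calls = 0;
  return {
    checkSession(_options, cb) { const r = results[calls++]; cb(r.err || null, r.authResult); },
    callCount: () => calls,
  };
}
```

Call ensureFresh before any request that relies on the user being signed in, and treat 'retry_later' the same as unauthenticated until a later check succeeds.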