
Session Management

Argus provides advanced session management that secures the entire authentication lifecycle -- from initial login through active usage, token refresh, and logout. With multi-device management, behavioral threat detection

Module metadata

Source reference

content/modules/security-session-management.md

Last updated

Feb 5, 2026

Category

Administration

Tags

management, compliance

Rendered documentation

This page renders the module's Markdown and Mermaid directly from the public documentation source.

Overview

Argus provides advanced session management that secures the entire authentication lifecycle -- from initial login through active usage, token refresh, and logout. With multi-device management, behavioral threat detection, and configurable security policies, the platform protects user accounts while minimizing authentication friction.

Key Features

  • Configurable Session Policies - Administrators can configure idle timeouts, absolute session duration limits, and token refresh behaviors to match organizational security requirements.

  • Automatic Token Refresh - Seamless token refresh before expiration eliminates authentication interruptions during active sessions. Refresh token rotation ensures each token can only be used once.

  • Multi-Device Session Management - Users can view and manage active sessions across all their devices, with the ability to remotely terminate individual sessions or log out from all devices simultaneously.

  • Concurrent Session Controls - Configurable limits on concurrent sessions prevent unauthorized account sharing and reduce the risk of undetected credential compromise.

  • Device Trust Scoring - Each device builds a trust score based on login history, geographic consistency, device integrity signals, and security patch levels. Trust scores inform access control decisions and step-up authentication requirements.

  • Behavioral Threat Detection - Continuous analysis of session behavior identifies credential compromise, session hijacking, account takeover attempts, and automated attacks with high accuracy and low false positive rates.

  • Impossible Travel Detection - Geographic analysis of login locations identifies physically impossible travel patterns, triggering step-up authentication or session termination based on configured policies.

  • Automated Threat Response - Configurable response actions automatically execute when threats are detected, including session termination, mandatory re-authentication, account lockout, and administrator notification.

How It Works

Session Lifecycle

  1. Authentication - The user provides credentials and completes any required multi-factor authentication challenges. Device fingerprinting and geolocation validation assess the risk level of the login attempt.

  2. Session Creation - Upon successful authentication, the system issues short-lived access tokens and longer-lived refresh tokens. Session metadata records the device, location, and authentication method.

  3. Active Session - During the session, continuous monitoring validates device integrity, tracks location consistency, and analyzes behavioral patterns. Activity-based session extension keeps sessions alive during active use.

  4. Token Refresh - Access tokens are automatically refreshed before expiration. Each refresh validates device consistency, IP continuity, and threat intelligence status. Refresh tokens are rotated with each use.

  5. Session Termination - Sessions end through explicit logout, idle timeout, administrative action, or threat detection. All associated tokens are immediately revoked and the event is logged.
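The refresh and termination steps above can be sketched as follows. This is an added example, not Argus code: the `SessionStore` class, its method names, the status strings, and the two timeout values are assumptions chosen for illustration. It shows single-use refresh token rotation where presenting an already-rotated token, a different device, or an expired session revokes the whole session.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60       # assumed policy value (seconds)
ABSOLUTE_TIMEOUT = 8 * 3600  # assumed policy value (seconds)

@dataclass
class Session:
    device_id: str
    created: float
    last_seen: float
    current_refresh: str = ""
    revoked: bool = False

class SessionStore:  # hypothetical in-memory store; persist token hashes in practice
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}    # session id -> Session
        self.by_refresh = {}  # every refresh token ever issued -> session id

    def _issue(self, sid):
        token = secrets.token_urlsafe(32)
        self.by_refresh[token] = sid
        self.sessions[sid].current_refresh = token
        return token

    def create(self, device_id):
        sid, now = secrets.token_urlsafe(16), self.clock()
        self.sessions[sid] = Session(device_id, now, now)
        return sid, self._issue(sid)

    def refresh(self, token, device_id):  # returns (status, new_token_or_None)
        sid = self.by_refresh.get(token)
        if sid is None:
            return "unknown", None
        s, now = self.sessions[sid], self.clock()
        if s.revoked:
            return "revoked", None
        if token != s.current_refresh:   # rotated-out token replayed
            reason = "replay"
        elif device_id != s.device_id:   # device consistency check
            reason = "device_mismatch"
        elif now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            reason = "expired"
        else:
            s.last_seen = now
            return "ok", self._issue(sid)
        s.revoked = True                 # terminate: every token of this session now fails
        return reason, None
```

Keeping every issued token in `by_refresh` is what lets the store tell a replayed token apart from an unknown one, so a stolen refresh token used after the legitimate client has rotated it ends the session for both parties.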

Multi-Device Management

Users have full visibility into their active sessions:

  • View all active sessions with device type, location, and last activity
  • Name and categorize devices for easy identification
  • Terminate individual sessions or log out from all devices
  • See when new devices are used to access their account
  • Review session history and security events

Threat Detection

The session management system continuously monitors for:

  • Credential Compromise - Checks against known breached credential databases, detects password spraying and credential stuffing patterns
  • Session Hijacking - Token replay detection, duplicate session identification, session fixation prevention
  • Account Takeover - Impossible travel, behavioral anomalies, sudden privilege escalation, unusual data access patterns
  • Automated Attacks - Bot detection, distributed attack identification, progressive throttling

When threats are detected, configurable response chains execute automatically, including session termination, step-up authentication requirements, account lockout, and security team notification.
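The impossible travel check named above can be illustrated with a speed test between consecutive logins of the same user. This is an added example, not the platform's detection logic: the function names, the event fields, the 900 km/h and 100 km thresholds, and the sample logins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime, timezone

MAX_SPEED_KMH = 900.0    # assumed threshold, about airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed floor that absorbs IP-geolocation error

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def evaluate_login(prev, cur, policy):
    """Return 'allow' or the configured policy action for one login pair."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    if dist < MIN_DISTANCE_KM:
        return "allow"
    hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600
    if hours <= 0 or dist / hours > MAX_SPEED_KMH:
        return policy
    return "allow"

def scan_logins(events, policy="step_up"):
    """Return [(user, ts, action)] for logins that imply impossible travel."""
    last, findings = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last.get(ev["user"])
        if prev and (action := evaluate_login(prev, ev, policy)) != "allow":
            findings.append((ev["user"], ev["ts"], action))
        last[ev["user"]] = ev
    return findings

def _t(hour):  # helper for the constructed sample below
    return datetime(2026, 2, 5, hour, 0, tzinfo=timezone.utc)

SAMPLE_EVENTS = [  # constructed sample logins, not real data
    {"user": "alice", "ts": _t(9), "lat": 52.52, "lon": 13.405},      # Berlin
    {"user": "alice", "ts": _t(10), "lat": 40.7128, "lon": -74.006},  # New York, 1 h later
    {"user": "bob", "ts": _t(9), "lat": 52.52, "lon": 13.405},        # Berlin
    {"user": "bob", "ts": _t(14), "lat": 48.137, "lon": 11.575},      # Munich, 5 h later
]
```

The distance floor matters in practice: IP geolocation can place the same user in neighbouring cities minutes apart, and without it those logins would divide a small distance by a tiny interval and exceed any speed limit.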

Compliance

Session management supports compliance with:

  • SOC 2 - Authentication controls, session management, and monitoring
  • ISO 27001 - Access control and secure authentication requirements
  • PCI-DSS - Session timeout and authentication requirements
  • HIPAA - Automatic logoff and session management for ePHI systems
  • GDPR - Authentication security and data access controls
  • FedRAMP - Session management and authentication requirements

Availability

  • Enterprise Plan: Full session management suite included
  • Professional Plan: Core session management included; advanced threat detection and multi-device management available as add-on

Last Reviewed: 2026-02-05