Respond to credential compromise with forced logout

Find affected sessions, revoke tokens, and enforce resets.

14 min Beginner Security Incident Commander, IT Admin Updated Sep 19, 2025

View App All Guides

Overview

Find affected sessions, revoke tokens, and enforce resets.

Prerequisites

None.

Permissions required

sessions:read users:manage

Steps (4)

Estimated: 14 min

1

Locate impacted accounts

Security 4 min Back to top

Security → Events: filter by IP/UA indicators; export list.

Tips

—

Validation

—

Success criteria

—
2
Revoke sessions

IT Admin 4 min Back to top

Open Sessions → “Revoke all” per user. Enable “revoke on refresh reuse”.
Tips

—

Validation

—
Success criteria

All tokens invalid; attempts require re-auth.
3

Require password reset & MFA

Security 3 min Back to top

Flag accounts for password reset on next login; enforce MFA required.

Tips

—

Validation

—

Success criteria

—
4

Post-incident review

Security 3 min Back to top

Download audit logs; document timeline and indicators of compromise.

Tips

—

Validation

—

Success criteria

—

About this guide

AccessGuard secures apps and external sites with hosted authentication and short-lived JWTs. Enable MFA, define RBAC permissions, and connect enterprise identity via SAML or OIDC. A lightweight HMAC bridge lets you embed login, registration, and token refresh flows on any domain without CORS pain.

Admins manage users, sessions, connections, and policies from one console. Profiles consolidate verified emails/phones, consents, KYC docs, and risk flags. Events and metrics provide visibility for security and ops.

Designed for velocity and safety: opinionated defaults, least-privilege keys, Prometheus counters, and exportable audit logs.

Respond to credential compromise with forced logout

Overview

Locate impacted accounts

Revoke sessions

Require password reset & MFA

Post-incident review

About this guide