06-28-2023 11:22 AM - last edited on 07-11-2023 10:52 AM by akloepfer
After signing out, if anyone else comes along and clicks Sign In, the session I signed out of resumes. No login challenge/2FA. They are me.
When clicking Sign Out at the top right, the session remains open, there is no way I can see to end it:
07-07-2023 05:49 PM
07-11-2023 10:54 AM
@RobbSalzmann Thank you for bringing this to our attention! Upon initial testing, though, I was not able to reproduce the issue. I will look into this further and bring this to our internal IT teams.
07-11-2023 02:49 PM - edited 07-11-2023 02:49 PM
@RobbSalzmann After speaking with our internal IT team: when you log out, you are only logging out of the Community. You would still have an Okta Session open, so when you click on "sign in" again, it's picking up on the Okta Session and signing you back in without asking for a password/MFA.
If you want to sign out completely and sign out of everything, you'll need to sign out of Okta as well. I hope this helps answer your concern!
07-11-2023 02:56 PM - edited 07-11-2023 02:58 PM
Here's the use case that concerns me:
I go to the library and log in to Onestream.com on their computer. Do a few things and click the button "Sign out".
I leave the library and someone else comes in and clicks "Sign In". That public computer is now signed back in as me - no authentication challenge, no credentials needed.
"Sign out" means sign out on pretty much any system I've ever used. It never means "Sign out but not really because you have to do these other things." Then it's not really signing out, is it?
If I'm "Only logging out of the community" then I should have to "log back in to the community" when I click sign in. What happens is I click Sign In and I'm signed back in to the community without being challenged for credentials - therefore I was never really signed out.
If you want me to demonstrate this for you to see it reproduced, set up a call and I'll show you.
07-12-2023 10:31 AM
Hi @RobbSalzmann Thank you again for sharing your concerns and the details. I've continued sharing them with our IT/Okta team. Please know that we understand exactly the process you're referring to and understand how this might be inconvenient for you. This would apply to any OneStream site you log in to as we use Okta for all authentication into our systems. It was a strategic decision to allow for users more ease when it came to navigating from system to system. Again, I'm sorry for the inconvenience this is causing you. You can always email me directly too if you'd like to continue this conversation 🙂
Thanks,
Alissa
07-12-2023 11:10 AM - edited 07-12-2023 11:27 AM
This wasn't about convenience. Thanks for your interest.
02-04-2024 05:50 PM
Oh yeah this seems like a significant issue to me. Nobody is ever going to realise they need to log out of more than just the forums. They click Log In on OneStream Community, they click Log Out on OneStream Community.
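
The behaviour discussed in this thread, as an added example that is not part of any post and is not OneStream's or Okta's code: a toy Python model of a site session layered on a shared identity-provider (IdP) session, run through the shared-computer scenario. All class and function names are hypothetical; the model goes beyond the thread by adding two switches, `global_logout` (sign-out also ends the IdP session) and `force_reauth` (every sign-in demands a fresh challenge), which are general SSO design options rather than settings the thread says are available here.

```python
# Toy model (constructed): one identity provider (IdP) session shared by a
# relying site. Not Okta's or OneStream's code; all names are hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Browser:
    """Cookies held by one browser profile, e.g. on a shared computer."""
    idp_session: Optional[str] = None   # IdP (SSO) session cookie
    site_session: Optional[str] = None  # relying site's own session cookie

@dataclass
class IdP:
    challenges: int = 0  # how many times credentials/MFA were demanded

    def authenticate(self, browser, user, force_reauth=False):
        # A live IdP session is reused silently unless re-auth is forced.
        if browser.idp_session is None or force_reauth:
            if user is None:
                return None  # nobody present who can pass the challenge
            self.challenges += 1
            browser.idp_session = user
        return browser.idp_session

    def end_session(self, browser):
        browser.idp_session = None

@dataclass
class Site:
    idp: IdP
    global_logout: bool = False  # sign-out also ends the IdP session
    force_reauth: bool = False   # sign-in always demands a fresh challenge

    def sign_in(self, browser, user=None):
        """user=None models a passer-by who holds no credentials."""
        browser.site_session = self.idp.authenticate(
            browser, user, self.force_reauth)
        return browser.site_session

    def sign_out(self, browser):
        browser.site_session = None  # local sign-out only, by default
        if self.global_logout:
            self.idp.end_session(browser)

def passer_by_gets_in(site):
    """Owner signs in and out on a shared browser; a stranger clicks Sign In."""
    shared = Browser()
    site.sign_in(shared, user="owner")
    site.sign_out(shared)
    return site.sign_in(shared, user=None) == "owner"
```

With the defaults, `passer_by_gets_in(Site(IdP()))` returns `True` after a single credential challenge; enabling either switch makes it return `False`.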