Caution: Clicking Sign Out on community.onestreasoftware.com Leaves Your Session Open for Anyone.

RobbSalzmann
Valued Contributor

After signing out, if anyone else comes along and clicks Sign In, the session I signed out of resumes. No login challenge/2FA. They are me.
When clicking Sign Out at the top right, the session remains open; there is no way I can see to end it:


akloepfer
Community Manager

@RobbSalzmann Thank you for bringing this to our attention! Upon initial testing, though, I was not able to reproduce the issue. I will look into this further and bring this to our internal IT teams.

akloepfer
Community Manager

@RobbSalzmann After speaking with our internal IT team: when you log out, you are only logging out of the Community. You would still have an Okta session open, so when you click on "Sign In" again, it's picking up on the Okta session and signing you back in without asking for a password/MFA.

If you want to sign out completely and sign out of everything, you'll need to sign out of Okta as well. I hope this helps answer your concern!
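The distinction described above, as an added illustration (not OneStream's or Okta's code): an application-only logout that drops just the Community session, beside a logout that also redirects the browser to Okta's OpenID Connect RP-initiated logout endpoint so the IdP session ends. The tenant, redirect URI and ID token are constructed placeholders.

```python
"""Application-only logout vs. OIDC RP-initiated logout (Okta).

Added illustration, not OneStream's or Okta's code. The tenant, redirect URI
and ID token are constructed placeholders.
"""
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

OKTA_ISSUER = "https://example.okta.com"          # constructed tenant
AFTER_LOGOUT = "https://community.example.com/"   # must be registered on the Okta app


def local_logout(app_session: dict) -> dict:
    """What the thread describes: the relying party drops only its own
    session. Okta's session is untouched, so the next 'Sign In' redirect is
    satisfied by Okta with no password or MFA prompt."""
    app_session.clear()
    return app_session


def build_okta_logout_url(issuer: str, id_token: str,
                          post_logout_redirect_uri: str,
                          state: Optional[str] = None) -> str:
    """OpenID Connect RP-initiated logout. Okta's org authorization server
    serves it at {issuer}/oauth2/v1/logout; id_token_hint is required."""
    params = {"id_token_hint": id_token,
              "post_logout_redirect_uri": post_logout_redirect_uri}
    if state:
        params["state"] = state
    return f"{issuer.rstrip('/')}/oauth2/v1/logout?{urlencode(params)}"


def full_logout(app_session: dict, issuer: str = OKTA_ISSUER,
                post_logout_redirect_uri: str = AFTER_LOGOUT) -> str:
    """Clear the local session, then return the Okta logout URL the browser
    must be redirected to so the IdP session ends as well."""
    id_token = app_session["id_token"]        # read before clearing
    local_logout(app_session)
    return build_okta_logout_url(issuer, id_token, post_logout_redirect_uri)


def ends_idp_session(redirect: Optional[str], issuer: str = OKTA_ISSUER) -> bool:
    """Review check: does the sign-out flow reach the IdP's logout endpoint
    with an id_token_hint? 'Clear the cookie and stay' (redirect=None) fails."""
    if not redirect:
        return False
    p = urlparse(redirect)
    return (p.netloc == urlparse(issuer).netloc and p.path.endswith("/v1/logout")
            and "id_token_hint" in parse_qs(p.query))
```

A sign-out handler that returns a redirect to this URL is what a shared-computer scenario like the library case needs; a handler that only clears its own cookie leaves the Okta session for the next person at the keyboard.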

RobbSalzmann
Valued Contributor

Here's the use case that concerns me:
I go to the library and log in to Onestream.com on their computer. Do a few things and click the button "Sign out".
I leave the library and someone else comes in and clicks "Sign In". That public computer is now signed back in as me: no authentication challenge, no credentials needed.

"Sign out" means sign out on pretty much any system I've ever used. It never means "Sign out, but not really, because you have to do these other things." Then it's not really signing out, is it?

If I'm "only logging out of the Community", then I should have to "log back in to the Community" when I click Sign In. What happens is I click Sign In and I'm signed back in to the Community without being challenged for credentials; therefore I was never really signed out.

If you want me to demonstrate this for you to see it reproduced, set up a call and I'll show you.

akloepfer
Community Manager

Hi @RobbSalzmann, thank you again for sharing your concerns and the details. I've continued sharing them with our IT/Okta team. Please know that we understand exactly the process you're referring to and understand how this might be inconvenient for you. This would apply to any OneStream site you log in to, as we use Okta for all authentication into our systems. It was a strategic decision to allow users more ease when navigating from system to system. Again, I'm sorry for the inconvenience this is causing you. You can always email me directly too if you'd like to continue this conversation 🙂

Thanks,

Alissa

onecommunity@onestreamsoftware.com

This wasn't about convenience. Thanks for your interest.

Oh yeah, this seems like a significant issue to me. Nobody is ever going to realise they need to log out of more than just the forums. They click Log In on OneStream Community, they click Log Out on OneStream Community.