Terminate user Sessions

david.boenisch · August 21, 2025, 12:27pm

Hello everyone,

I have the following problem.

We have a Keycloak to define global roles for users. Users log in to Cumulocity via SSO.
Session configuration in Keycloak:
SSO Session Settings:

SSO Session Idle: 30 Minutes
SSO Session Max: 10 Hours
Access tokens:
Access Token Lifespan: 15 Minutes

Problem:
When we change a user’s global role, the logged-in user does not receive the new role until they log out and log back in.

How can I delete the session or log the user out?
Can I perhaps do this via a microservice?
Unfortunately, I cannot use this API because I do not know the user’s cookie:

Can anyone help me with the best way to update a user’s rights?

Thank you.
David

david.boenisch · August 22, 2025, 10:41am

I see this feature:

I set this backchannel and i see the audit log, but it is not working:

What could be the reason for this?

Topic		Replies	Views
Cumulocity IoT SSO login FAQ Knowledge Base	0	714	June 2, 2025
User session logout alert Forum cumulocity	6	709	April 15, 2024
November 28, 2024 - Option to log out all users when deleting or modifying a global role Platform services platform-services , administration , Feature	0	2	March 17, 2025
Session expiry in Cumulocity Knowledge Base cumulocity	0	410	August 29, 2023
Is there a benefit to using Logout URL with Cumulocity and SSO? Forum cumulocity	2	28	February 26, 2025

Terminate user Sessions

Related topics