Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Revoke SAML Authentication

You can revoke the SAML authentication session for a specific user or all users if you find suspicious user behavior. After revoking the SAML authentication, the user can continue to use the current active session. However, the user has to re-authenticate with the service provider to access the private application after signing off.  

  1. In Skyhigh CASB navigation bar, go to Settings > Infrastructure > Private Access Configuration.
  2. Click the Authentication tab.
  3. SAML authentication is enabled by default.
  4. In the Revoke SAML Authentication section, select one of the following:
    • All Users - Enter <domain-name> to revoke SAML authentication for all users. Use a comma to separate multiple domain names. 
      For example, <domain-name1>,  <domain-name2>,<domain-name3>
    • Selected Users - Enter the email address of specific users for whom you wish to revoke SAML authentication. Use a comma to separate multiple email addresses.
      For example, <user>@<domain-name>, <user1>@<domain-name>,<user2>@<domain-name>
  5. Click Revoke.

NOTE: The session is revoked only once and you have to revoke it again if found suspicious. The administrator should revoke the session on the IDP as well.

  • Was this article helpful?