User Community Feedback

Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.

NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.

When user leaves an organization, and is off-boarded, force logout from Webex

Currently, when a user leaves the organization, we perform the following steps, to off-board the user-


  1. Remove user's Webex licenses, on Webex Control Hub

  2. Reset Access on Webex Control Hub

  3. Force Directory Sync, to remove the user account from Webex.

On Webex Control Hub, The description for "Reset Access" reads as follows-

Revoke user access tokens for the Webex app on desktop, web, and mobile. This deletes any cached content and prompts the user to sign in again. Learn more.

It seems however, that if the user is already logged into Webex, on his/her personal device, they are not getting force logged out. A TAC engineer also confirmed that user would NOT Be automatically logged out.

This presents a significant security vulnerability for organization for obvious reasons.


Can we provide a way to force log out users (on all devices) ?


Thanks,

Baktha Muralidharan

  • Guest
  • Mar 3 2022
  • Already exists
Control Hub & Administration: Identity/SSO
  • Guest commented
    June 14, 2022 14:17

    Are we planning to plug the "6 hour" exposure?


    thanks,

    Baktha

    ×

    Attachments Open full size

  • Guest commented
    March 21, 2022 15:07

    No, it doesn't. After all the steps, there is a 6 hour vulnerability window.

    This window should be closed.


    Thanks!

    ×

    Attachments Open full size

Related ideas

 
Terms of Service Privacy Policy Cookie Policy Trademarks Feedback

©2020 Cisco and/or its affiliates. All rights reserved.