User Community Feedback

Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.

NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.

When user leaves an organization, and is off-boarded, force logout from Webex

Currently, when a user leaves the organization, we perform the following steps, to off-board the user-


  1. Remove user's Webex licenses, on Webex Control Hub

  2. Reset Access on Webex Control Hub

  3. Force Directory Sync, to remove the user account from Webex.

On Webex Control Hub, The description for "Reset Access" reads as follows-


Revoke user access tokens for the Webex app on desktop, web, and mobile. This deletes any cached content and prompts the user to sign in again. Learn more.


It seems however, that if the user is already logged into Webex, on his/her personal device, they are not getting force logged out. A TAC engineer also confirmed that user would NOT Be automatically logged out.

This presents a significant security vulnerability for organization for obvious reasons.


Can we provide a way to force log out users (on all devices) ?


Thanks,

Baktha Muralidharan

  • Baktha Muralidharan
  • Mar 3 2022
  • Already exists
  • Baktha Muralidharan commented
    14 Jun 02:17pm

    Are we planning to plug the "6 hour" exposure?


    thanks,

    Baktha

  • Baktha Muralidharan commented
    21 Mar 03:07pm

    No, it doesn't. After all the steps, there is a 6 hour vulnerability window.

    This window should be closed.


    Thanks!