Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.
NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.
Currently, when a user leaves the organization, we perform the following steps, to off-board the user-
Remove user's Webex licenses, on Webex Control Hub
Reset Access on Webex Control Hub
Force Directory Sync, to remove the user account from Webex.
On Webex Control Hub, The description for "Reset Access" reads as follows-
Revoke user access tokens for the Webex app on desktop, web, and mobile. This deletes any cached content and prompts the user to sign in again. Learn more.
It seems however, that if the user is already logged into Webex, on his/her personal device, they are not getting force logged out. A TAC engineer also confirmed that user would NOT Be automatically logged out.
This presents a significant security vulnerability for organization for obvious reasons.
Can we provide a way to force log out users (on all devices) ?
Thanks,
Baktha Muralidharan
Are we planning to plug the "6 hour" exposure?
thanks,
Baktha
Attachments Open full size
No, it doesn't. After all the steps, there is a 6 hour vulnerability window.
This window should be closed.
Thanks!
Attachments Open full size