SAML Single Logout
The SAML 2.0 single logout (SAML SLO) protocol lets an identity provider terminate a user's sessions across all of their applications nearly simultaneously, triggered by a single logout request.
With SAML SLO enabled, Immuta terminates its session when the identity provider session times out or when the user logs out of the identity provider or of another participating application, which limits the exposure of abandoned sessions. Once logged out of Immuta, users must re-authenticate to log back in.
Requirements
Immuta APPLICATION_ADMIN permission
An identity provider that supports the SAML protocol and SAML SLO. See the identity management support matrix for the list of supported identity providers and their protocols.
Logout processes
There are two logout processes in SAML SLO:
Application-initiated logout: A user logs out from a service provider (for example, Immuta), and the service provider asks the identity provider to end the user's other sessions.
Identity-provider-initiated logout: A user logs out from their identity provider, which then sends a logout request to each application holding a session for that user.
The following objects are referenced in both processes below:
Principal: A user, service, or process that must authenticate with a service before being granted access and privileges.
Service provider (or session participant): The service or application the principal wants to be granted access to (for example, Immuta).
Session authority (or identity management provider): The identity management provider that verifies the principal's identity. See this list of supported identity providers for examples.
Session: The period during which the principal is authenticated with the service provider. A session starts once the user has proven their identity with a password or another authentication protocol and the service provider has verified that the user is allowed to access the service.
User initiates logout from Immuta
User initiates logout from the identity provider
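Both processes, worked through as an added example that is not Immuta's code: a service provider validates an incoming LogoutRequest (issuer, destination, expiry) and drops the matching SessionIndex, an identity provider fans logout out to every other session participant, and a participant that never answers yields a PartialLogout status. The entity IDs and URLs are invented, the HTTP-Redirect encoding (raw DEFLATE then base64) is shown for the messages, and the XML-Signature verification that a real deployment performs before any of these checks is assumed rather than implemented.

```python
# Added example, not Immuta's code. Entity IDs and URLs are invented; the XML-Signature
# check a real deployment performs on every message is assumed to happen before this code.
import base64, secrets, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
PARTIAL = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
DENIED = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def utcnow():  # a real deployment reads this clock; tests pass a fixed time instead
    return datetime.now(timezone.utc)

def ts(dt):  # xsd:dateTime in UTC; strings of this form compare in time order
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def build_logout_request(issuer, destination, name_id, session_index, now, ttl=300):
    req = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": ts(now),
        "Destination": destination, "NotOnOrAfter": ts(now + timedelta(seconds=ttl))})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAML}}}NameID").text = name_id
    ET.SubElement(req, f"{{{SAMLP}}}SessionIndex").text = session_index
    return ET.tostring(req, encoding="unicode")

def build_logout_response(issuer, in_response_to, status, now):
    resp = ET.Element(f"{{{SAMLP}}}LogoutResponse", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0",
        "IssueInstant": ts(now), "InResponseTo": in_response_to or ""})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = issuer
    st = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(st, f"{{{SAMLP}}}StatusCode", {"Value": status})
    return ET.tostring(resp, encoding="unicode")

def redirect_encode(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (zlib header and trailer stripped), then base64."""
    return base64.b64encode(zlib.compress(xml_text.encode(), 9)[2:-4]).decode()

def redirect_decode(value):
    return zlib.decompress(base64.b64decode(value), -15).decode()

def response_status(encoded):
    root = ET.fromstring(redirect_decode(encoded))
    return root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode").get("Value")

class ServiceProvider:
    """Session participant (for example, Immuta); live sessions keyed by SessionIndex."""
    def __init__(self, entity_id, slo_url, trusted_idp):
        self.entity_id, self.slo_url, self.trusted_idp = entity_id, slo_url, trusted_idp
        self.sessions = {}  # session_index -> name_id

    def handle_logout_request(self, encoded, now):
        """IdP-initiated leg: validate the request, drop the session, answer with a status."""
        root = ET.fromstring(redirect_decode(encoded))
        valid = (root.tag == f"{{{SAMLP}}}LogoutRequest"
                 and root.findtext(f"{{{SAML}}}Issuer") == self.trusted_idp  # from our IdP only
                 and root.get("Destination") == self.slo_url  # addressed to this endpoint
                 and ts(now) < root.get("NotOnOrAfter", ""))  # not expired, so not replayable
        if valid:
            self.sessions.pop(root.findtext(f"{{{SAMLP}}}SessionIndex"), None)
        return redirect_encode(build_logout_response(
            self.entity_id, root.get("ID"), SUCCESS if valid else DENIED, now))

    def initiate_logout(self, idp, session_index, now):
        """Application-initiated flow: end the local session, then ask the IdP to end the rest."""
        name_id = self.sessions.pop(session_index)
        req = build_logout_request(self.entity_id, idp.slo_url, name_id, session_index, now)
        return idp.handle_logout_request(redirect_encode(req), self, now)

class IdentityProvider:
    """Session authority: remembers which participants hold a session for each principal."""
    def __init__(self, entity_id, slo_url, unreachable=()):
        self.entity_id, self.slo_url = entity_id, slo_url
        self.unreachable = set(unreachable)  # SPs that never answer; the IdP cannot force them out
        self.participants = {}  # name_id -> [(sp, session_index), ...]

    def login(self, sp, name_id):
        idx = "_" + secrets.token_hex(8)
        sp.sessions[idx] = name_id
        self.participants.setdefault(name_id, []).append((sp, idx))
        return idx

    def logout(self, name_id, now, initiator=None):
        """IdP-initiated flow: LogoutRequest to every other participant; per-SP and overall status."""
        results = {}
        for sp, idx in self.participants.pop(name_id, []):
            if sp is initiator:
                continue  # it has already ended its own session
            if sp in self.unreachable:
                results[sp.entity_id] = None  # no LogoutResponse ever arrives
                continue
            req = redirect_encode(build_logout_request(self.entity_id, sp.slo_url, name_id, idx, now))
            results[sp.entity_id] = response_status(sp.handle_logout_request(req, now))
        return (SUCCESS if all(v == SUCCESS for v in results.values()) else PARTIAL), results

    def handle_logout_request(self, encoded, initiator, now):
        """Application-initiated leg: end the principal's other sessions; the result goes in the reply."""
        root = ET.fromstring(redirect_decode(encoded))
        return self.logout(root.findtext(f"{{{SAML}}}NameID"), now, initiator)
```

The `valid` check in `ServiceProvider.handle_logout_request` is the part worth copying: a LogoutRequest that is unsigned, from a different issuer, addressed to another endpoint, or past its `NotOnOrAfter` must be refused, otherwise an attacker who can reach the SLO endpoint can log users out at will or replay an old request. The `unreachable` set models the point that the identity provider can only ask each participant to end its session; it cannot verify or force it.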
Supported identity providers
Immuta's SAML SLO support has been tested with the following identity providers:
Keycloak
Microsoft Entra ID
See your identity provider's documentation to determine whether your provider supports SAML SLO. For the list of identity providers and protocols supported by Immuta, see the identity management support matrix.
Consideration
Immuta cannot guarantee that other service providers will terminate their sessions, because Immuta has no control over those applications: the identity provider sends each of them a logout request, and each one must honor it independently.