Overview

Identities and Sessions give you live visibility of users who have authenticated to Endpoints via the OAuth, OpenID Connect and SAML traffic policy actions. They enable you to:
  • Examine active user sessions to your authenticated endpoints including details like device, identity provider, IP address, and network
  • Revoke sessions to forcibly log users out via the dashboard or API
You can manage Identities and Session on your ngrok Dashboard or via the ngrok API. Traffic Identities were previously called ‘App Users’, you may find references with the old name while they are being transitioned. Identities and Sessions: Conceptual Architecture

Managing Sessions from the Dashboard

View Sessions

To view Traffic Identities and sessions:
  1. In the ngrok Dashboard, navigate to Traffic Policy > Identities (or access the Identities page directly) The users are displayed in the table.
  2. Alternatively, use the search bar to filter users by identity provider, User, and ID.

View Session Details

  1. Access the Identities page.
  2. On the Identities table, select a user:
    • ngrok displays the table with the user identity overview, including the provider who authenticated your user, basic information about the user, and the identity provider used for login
    • ngrok also displays a list of endpoints the user has accessed.
  3. Click on an endpoint that the user has accessed. ngrok displays session information captured while the user was accessing the endpoint. That includes the user device, IP, browser, agent, country, and geo coordinates based on IP
Pasting the coordinates into your favorite mapping service will give you more detailed information about the IP geolocation.

Revoke Sessions

  1. Access the Identities page and locate your user.
  2. Click the trash can next to the user and then confirm the deletion. The user is deleted and all sessions are invalidated immediately. Users can reinitiate sessions by logging in again via their Authentication provider.

Managing Sessions from the API

You can also programmatically investigate and revoke user sessions using the Identities and App Sessions APIs. APIs are the recommended approach when you want to drive session monitoring and deletion from third-party apps such as security management solutions and identity workflows. Examples:

To list user sessions

curl --location --request \
GET 'https://api.ngrok.com/app/users' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'

To get session details

curl --location --request \
GET 'https://api.ngrok.com/app/users/{session-id}' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'

To revoke a session

curl --location --request \
DELETE 'https://api.ngrok.com/app/users/{session-id}' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'

API

Identities and Sessions are managed programmatically via:

Pricing

Identities and Session are available on all plans.