When a user’s access needs to be immediately revoked — for example, due to termination or a security incident — Identity Panel provides a reliable mechanism to revoke all active Entra ID (formerly Azure AD) session tokens for that user.
Automatic Token Revocation via Panel Actions
Identity Panel's HyperSync Panel includes event-driven synchronization capabilities that allow it to detect key lifecycle events — such as a user being marked as a “leaver” in an HR system — and trigger targeted actions in response. One such action is the revocation of all active Entra ID session tokens.
This is accomplished through a Panel Action. When configured appropriately, Identity Panel can issue a command to Entra ID to revoke all refresh tokens and invalidate any active sessions for a user. This ensures that the user is immediately signed out across all devices and applications that rely on Microsoft Entra ID for authentication.
Key Features
- Real-Time Response: Leveraging event-based triggers, HyperSync Panel can respond within minutes of a user’s status change, minimizing the window of risk.
- Integration with Microsoft Graph API: Identity Panel uses the Microsoft Graph invalidateAllRefreshTokens endpoint, which enforces a logout across all devices by invalidating access tokens.
- Auditable Actions: All revocation events are logged in Identity Panel’s operations history, providing clear audit trails for compliance and investigation.
Typical Use Case Workflow
1. A termination is recorded in the source system (e.g., HR).
2. HyperSync Panel picks up the status change during its next scan or real-time event trigger.
3. A configured sync rule matches the “leaver” condition and issues a Panel Action to Entra ID.
4. All active session tokens are revoked. The user is effectively signed out of all Microsoft 365 services and any third-party apps using Entra ID.
Note: Session revocation does not delete the user account. It only terminates their access to protected services immediately.