Central Management of Active User Sessions (And Session Termination)
Release notes
GitLab instance administrators now have greater flexibility to manage user sessions via a centralized dashboard. Administrators working in organizations with heightened security requirements are now able to terminate a user's active or inactive session if the user's device is suspected to be compromised.
Problem to solve
Cyber security best practices, including NIST 800-63B, call for administrators of applications to be able to view, manage, and revoke user sessions in order to protect against unauthorized access and attack. Having a centralized dashboard to permit GitLab instance administrators to quickly identify and terminate a user session (or sessions) if a user's device is compromised would be an exceptional way to help meet the NIST 800-63B requirements and improve the security of a customer's instance. The ability to log session information and export it via Audit Events to a SIEM would greatly support compliance, monitoring, and alerting concerns.
Proposal
Intended users
Feature Usage Metrics
- Access of the session management dashboard in the last 28 days
- Number of user sessions terminated via the dashboard in the last 28 days