About the Relationship between Cloud Service Login Session and HENNGE Access Control

for Google Workspace / for Microsoft 365

 

Q.
Once I logged in to cloud services such as Microsoft 365 and Google Workspace via HENNGE Access Control with browser and applications, I can use it even after moved to the circumstances which I no longer satisfy the HENNGE Access Control log in condition. Why does this phenomenon happen and what are some possible solutions for this?

A.
As shown in the image below, cloud services such as Microsoft 365 / Google Workspace will direct to HENNGE Access Control if necessary if there is SSO setting. 

SSO_image.png

Therefore, once the user is logged in, HENNGE Access Control will not be called again until the exiting session expires. This means that the login condition will not be checked for an existing session and that users can access cloud service without been checked of the Access Control Policy while the cloud services' login session remains valid.

 

For example, Microsoft announces that how long Microsoft 365 service session lives in the following article.

Session timeouts for Microsoft 365: https://docs.microsoft.com/en-us/office365/enterprise/session-timeouts

Also, Google announces this information in the below article.

Set session length for Google services: https://support.google.com/a/answer/7576830?hl=en

 

If you want disable each service login session forcibly, you can use each of following methods depending on your environment.

 

【Microsoft 365 Method.1】Change Microsoft 365 user password. Note that user password cannot be changed from Microsoft 365 admin screen when SSO is set, so it necessary to use PowerShell. Or, if Azure AD Connect installed, end user can change their Microsoft 365 account password from Active Directory.
For detail of changing user password by PowerShell, please refer to the following Microsoft article.
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoluserpassword?view=azureadps-1.0

【Microsoft 365 Method.2】Disable each user's or all users' Microsoft 365 login session forcibly by PowerShell. For detail, please refer to the below  HENNGE help center article.
How to make the Modern Authentication sessions expired for Microsoft 365 applications? : 
https://support.hdeone.com/hc/en-us/articles/115003551234

 

【Google Workspace Method.1】Change Google Workspace user's password.
Google Workspace Authentication Disconnect: https://support.hdeone.com/hc/en-us/articles/360000349222

【Google Workspace Method.2】Reset each user's login Cookie. For detail, please refer to the "Reset a user’s sign-in cookies" part in the following article.
Block access to your Google service on a lost device: https://support.google.com/a/answer/178854?hl=en


Note that above-mentioned contents depends on each cloud service specification and may change in future.

          
Was this article helpful?

Frequently Asked Questions (FAQs)