Introduction
This article explains how Owners and Administrators of NordPass can revoke user sessions and configure session length to enforce automatic logout, helping align with company access control policies.
Before you start
- You must be an administrator with access to the NordPass Admin Panel.
- Session duration options include 1 hour, 4 hours, 1 day, 7 days, 30 days, or a custom interval (not less than 1 hour and not more than 30 days).
Here's what to do
Revoke an organization's user sessions manually
- Log in to the NordPass Admin Panel.
- Click on the "Members" button and choose the user by clicking on their email address
- Scroll down to the "Manage sessions" section to view active sessions and their details:
- Device type
- Browser
- NordPass platform
- Platform version
- IP address
- Last login date and time
- To terminate sessions, select “Revoke all sessions” to end every session at once, or click “Revoke” next to a specific device to end only that device’s session.
- Afterward, confirm your choice by selecting the "Revoke" button once more.
Configure the account session length policy for your organization
- Log in to the NordPass Admin Panel.
- Select the "Settings" option located on the left side, and click on the "Authentication" button.
- Next, click on the "Session length" button and select the duration for the automatic logout of members.
- Afterward, click on the "Save" button.
Additional tips
- Once the configured session period elapses, the member’s session terminates automatically, and they are logged out of NordPass. To regain access, they must log in again using Single Sign-On (SSO) or their Business Account credentials. If Multi-Factor Authentication (MFA) is enabled, they will need to verify their identity before unlocking their vault with their Master Password or biometric authentication.
- For optimal security, consider setting the interval to 7 days, after which members must log in again.