Skip to main content

App Users and Sessions


Introduction

App Users and Sessions gives you live visibility of federated user sessions with the ability to terminate sessions instantly:

  • Track active OAuth, OIDC, and SAML user sessions in your tunnels
  • Examine the session context including user, device, identity provider, and network details
  • Delete sessions via the admin interface (Dashboard) and programmatically (REST API)

App Users and Sessions: Conceptual Architecture

App Users and Sessions is available via the ngrok dashboard and the App Users and App Sessions APIs.

Managing Sessions from the Dashboard

View Sessions

To view App users and sessions:

  1. In the ngrok Dashboard, navigate to Cloud Edge > App Users (or access the App Users page directly)

    The users are displayed in the table.

  2. Alternatively, use the search bar to filter users by identity provider, User, and ID.

View Session Details

  1. Access the App Users page.

  2. On the App Users table, select a user:

    • ngrok displays the table with the user identity overview, including the provider who authenticated your user, basic information about the user, and the identity provider used for login
    • ngrok also displays a list of endpoints the user has accessed.
  3. Click on an endpoint that the user has accessed.

    ngrok displays session information captured while the user was accessing the endpoint. That includes the user device, IP, browser, agent, country, and geo coordinates based on IP

tip

Pasting the coordinates into your favorite mapping service will give you more detailed information about the IP geolocation.

Revoke Sessions

  1. Access the App Users page and locate your user.

  2. Click the trash can next to the user and then confirm the deletion.

    The user is deleted and all sessions are invalidated immediately. Users can reinitiate sessions by logging in again via their Authentication provider.

Managing Sessions from the API

You can also programmatically investigate and revoke user sessions using the App Users and App Sessions APIs. APIs are the recommended approach when you want to drive session monitoring and deletion from third-party apps such as security management solutions and identity workflows.

Examples:

To list user sessions

curl --location --request \
GET 'https://api.ngrok.com/app/users' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'

To get session details

curl --location --request \
GET 'https://api.ngrok.com/app/users/{session-id}' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'

To revoke a session

curl --location --request \
DELETE 'https://api.ngrok.com/app/users/{session-id}' \
--header 'Ngrok-Version: 2' \
--header 'Authorization: Bearer {ngrok api token}'