To limit the number of sessions a user can run at once, configure a Keycloak authentication flow. The flow that you must configure depends on how you authenticate users:
-
Configure a browser flow if you use local or LDAP/AD authentication.
-
Configure a post-sign in client flow if you use SSO.
Note
| The browser flow is internal to Keycloak and can’t be modified, so you must make a copy of it first. |
In addition, to limit concurrent sessions for API access, you must set up a Domino First Broker Login flow.
You can limit the number of active user sessions that a user can have open at one time. When a user reaches the user session limit, they must end their current user sessions before they begin a new session. You can stop user sessions from the Keycloak admin console, or users can sign out on their own.