

Prohibit Simultaneous Login

Hi All,

We have a requirement indicating that a user ID is prohibited from logging in from another workstation while the same ID is still logged in on another workstation.

So basically, if I'm logged in on the web using my credentials, I cannot log in on my mobile device or desktop application.

Is it doable in M-Files to prevent simultaneous logins?

Regards,

Messiah

  • Hello, 

    Unfortunately there is no way to prevent multiple logins from the same user account. 

    Actually, the server does not even know where the user is logging in from - this was not considered important while developing the logins.

    Can you elaborate on why this would be an important feature? What are you trying to prevent with it?

  • Hi Timo,

    Actually, this is a client requirement. For some reason, maybe they want to make legitimate users accountable for any illegitimate actions they take.

  • Ignoring the technical issue here for a moment (as Timo says: I don't think this is supported)...  I don't understand why restricting multiple concurrent logins from the same user supports the requirement of "wanting to make legitimate users accountable".

    Surely the root issue here is trust of the user's credentials.  I see the argument that if the user's credentials are compromised then such a feature would stop two people logging in, but it doesn't in any way ensure that it's the correct person logging in (what if the hacker was the first one in?!).

    I would argue that the underlying issue is around confidence and security of the credentials themselves.  I would push them towards using some sort of federated authentication scheme with multi-factor authentication.  This has the direct impact of ensuring that - even if the user credentials were leaked - only the user with the phone or authenticator can actually log in.

    If you are a partner then there is a document in the Partner Portal named "Multi-Factor Authentication with M-Files" which goes through the basics of how to do this.

    Regards,

    Craig.

  • Thanks Craig, I got your point.