Prohibit Simultaneous Login

Hi All,

We have a requirements indicated that the users ID are prohibited to login from another workstation while the same ID is still logged in another workstation.

So basically if I'm logged on the web using my credentials, I can not login on my mobile device or desktop application.

Is this doable in M-files to prevent the simultaneous login?



Parents Reply Children
  • Ignoring the technical issue here for a moment (as Timo says: I don't think this is supported)...  I don't understand why restricting multiple concurrent logins from the same user supports the requirement of "wanting to make legitimate users accountable".

    Surely the root issue here is trust of the user's credentials.  I see the argument that if the user's credentials are compromised then such a feature would stop two people logging in, but it doesn't in any way ensure that it's the correct person logging in (what if the hacker was the first one in?!).

    I would argue that the underlying issue is around confidence and security of the credentials themselves.  I would push them towards using some sort of federated authentication scheme with multi-factor authentication.  This has the direct impact of ensuring that - even if the user credentials were leaked - only the user with the phone or authenticator can actually log in.

    If you are a partner then there is a document in the Partner Portal named "Multi-Factor Authentication with M-Files" which goes through the basics of how to do this.