Sessions
After a user successfully authenticates to Yandex Identity Hub via auth.yandex.cloud, a session is created for that user, and a yc_session cookie is created for the auth.yandex.cloud domain.
Sessions give you access to services that rely on single sign-on (SSO) with Yandex Identity Hub as the identity provider (IdP) without re-authentication in Yandex Identity Hub.
A session contains the following data about the user's working session in Yandex Identity Hub:
- User-Agent: Client application ID. Constant value.
- Creation date: Session creation date and time. Constant value.
- Date of use: Date and time the session was last used for authentication in applications that rely on Yandex Identity Hub as an identity provider. The value may change while working with the session.
- End date: Session lifetime after which the user will have to re-authenticate to Yandex Identity Hub. Constant value.
- IP address: IP address of the user’s last access within the active session to services that require authentication via Yandex Identity Hub. The value may change while working with the session.
- ID: Unique session ID. Constant value.
Session lifetime
Session lifetime depends on user account type:
- For federated users, session lifetime is determined by the identity federation settings.
- For local users, session lifetime is determined by the user pool settings.
- For Yandex account users, session lifetime is 12 hours.
User session management
A user can view and end their current sessions from the My account portal.
An administrator can view and end the sessions of federated and local users of the organization. The organization roles the administrator needs for that are organization-manager.federations.userAdmin and organization-manager.userpools.userAdmin or higher, respectively.
Note
The organization's administrator cannot manage the sessions of other organization users with a Yandex account.
A session ends and automatically disappears from the user's session list when its lifetime ends or when the user logs out of the account by clicking Log out.