You can now force-invalidate the active sessions of a user when changing or deleting that user's password from the Soracom User Console. This helps you immediately cut off access for a user who has left the organization, respond quickly to suspected unauthorized access, or rotate permissions during organizational changes.

Previous limitation

Until now, even after you changed or deleted a user's password, any session that the user had already obtained by signing in remained active. To revoke access immediately, you had to wait for the existing session to expire on its own.

Force session invalidation when changing or deleting a user password

On the password change or delete screen for a user, you can now choose to invalidate that user's active sessions in the same operation. When you select this option, the target user's active sessions are invalidated immediately, and the user must sign in again to use the Soracom User Console or the Soracom API.

For details, refer to Change or delete a SAM user's password (Japanese).

If you have any questions, please contact Soracom Support.