Session Revocation
Access provides authentication assertions, based on the SAML or WS-Federation protocols, to cloud services. As a result of the authentication, the app gets a session token from the cloud service. This token is stored on the device and allows the app to access the cloud service without having to reenter user credentials. The session token expires after a certain length of time, after which the user is prompted to authenticate again.
The following topics provide more information about session revocation: