Ivanti Access provides authentication assertions, based on the SAML or WS-Federation protocols, to cloud services. As a result of the authentication, the app gets a session token from the cloud service. This token is stored on the device and allows the app to access the cloud service without having to reenter user credentials. The session token expires after a certain length of time, after which the user is prompted to authenticate again.
Session revocation is now triggered for multi-user sign-in applications. On a shared device, even if the user is signed-out , session revocation is still triggered.
For example: On an iOS shared device, if the user uses Office 365 and later logs out of the device and when a new user logs into the device, the user is prompted for credentials again.
The following topics provide more information about session revocation: