User Sessions

The User Sessions API provides operations to manage user sessions in your org.

Revoke all user sessions
CORS
OAuth 2.0 scopes:
  • okta.users.manage

Revokes all active identity provider sessions of the user. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.

You can also clear the user's remembered factors for all devices using the forgetDevices parameter. See forgetDevices.

Note: This operation doesn't clear the sessions created for web or native apps.

Request

Path parameters

  userId (string, required)
    ID of an existing Okta user
    Example: 00ub0oNGTSWTBKOLGLNR

Query parameters

  oauthTokens (boolean, default: false)
    Revokes issued OpenID Connect and OAuth refresh and access tokens

  forgetDevices (boolean, default: true)
    Clears the user's remembered factors for all devices.
    Note: This parameter defaults to false in Classic Engine.

Responses

  204  No Content
  403  Forbidden
  404  Not Found
  429  Too Many Requests

DELETE /api/v1/users/{userId}/sessions
Response samples
application/json
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
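
An added example, not part of the Okta reference: a small incident-response helper that calls the operation above with both query flags set explicitly and maps the documented status codes to an outcome. The org URL and token are placeholders, and the function names and the Bearer-token authorization (an OAuth 2.0 access token carrying okta.users.manage) are assumptions of this sketch.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

def build_revoke_request(org_url, user_id, access_token,
                         oauth_tokens=True, forget_devices=True):
    """Build DELETE /api/v1/users/{userId}/sessions for one user."""
    # Send both flags explicitly: oauthTokens defaults to false, and the
    # forgetDevices default differs in Classic Engine, so relying on
    # defaults can leave tokens or remembered factors in place.
    query = urllib.parse.urlencode({
        "oauthTokens": str(oauth_tokens).lower(),
        "forgetDevices": str(forget_devices).lower(),
    })
    path = "/api/v1/users/%s/sessions" % urllib.parse.quote(user_id, safe="")
    return urllib.request.Request(
        org_url.rstrip("/") + path + "?" + query,
        method="DELETE",
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
    )

def interpret(status, body=b""):
    """Map the documented responses (204/403/404/429) to an outcome."""
    if status == 204:
        # Sessions created for web or native apps are not cleared by this
        # operation and have to be ended in the apps themselves.
        return {"revoked": True, "retry": False, "detail": "No Content"}
    try:
        err = json.loads(body or b"{}")
    except ValueError:
        err = {}
    if not isinstance(err, dict):
        err = {}
    detail = "%s: %s" % (err.get("errorCode", "HTTP %d" % status),
                         err.get("errorSummary", "no error body"))
    # Only 429 (Too Many Requests) is worth retrying; 403 and 404 are not.
    return {"revoked": False, "retry": status == 429, "detail": detail}

def revoke_sessions(request, opener=urllib.request.urlopen):
    """Send the request; urllib raises HTTPError for 4xx responses."""
    try:
        with opener(request, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret(err.code, err.read())
```

A result with "retry" set means the call hit the rate limit and the user's sessions are still active, so the caller should repeat it before treating the account as contained.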