Deny Simultaneous Connections from a Single Identity
Limit the number of unique entry points and concurrent sessions to prevent simultaneous logins from a single identity.
Mike Cross (Sales Representative) has been careless with his rights to work across multiple different machines. Like many users he risks unwanted and unauthorized access by sharing passwords with colleagues and leaving machines unlocked and unattended.
To protect Mike and his trusted access, restrict Mike to a single point of entry, across all session types. Any access attempts that don’t stem from this point are automatically blocked.
This single point of entry renders password sharing useless and encourages machines to be locked and not left unattended. It also protects against malicious access from other users inside the (authorized) department, using Mike’s credentials.
Subsequent network connections that stem from this initial access point are all authorized by UserLock, confident that the user is who they say they are. This ensures no frustration for the user.
Other options to balance security and user friction: IT can choose to either allow a user to remotely logoff an existing session or automatically lock the previous session once a new session is open.