UserLock Documentation
UserLock Documentation
You are here: Reference > Protected sessions > SaaS sessions

SaaS sessions

SaaS sessions are those from applications that are configured with UserLock SSO. These sessions can be monitored in the SSO dashboard, and are not included in the “user session” view of the console.

Single Sign-On Administration

Click here for guide on implementing SSO.


SaaS sessions cannot be protected by all UserLock restrictions. Since UserLock is not able to capture when a SaaS session is disconnected unless the user manually signs out of the application before closing the browser. Since this is not common user behavior, in most cases we cannot see the sign out.

Because of this, SaaS sessions have the following limitations:

  • Time connected to SaaS sessions are not included in the following reports:
    • Working hours reports
    • Concurrent session history
  • The following restrictions in protected accounts cannot be applied to SaaS sessions:
    • Concurrent sessions: The administrator can only allow or deny all SaaS session for a protected account.
    • Hour restrictions: If you select SaaS sessions in your hour restrictions, users will be refused a login outside of authorized hours, however, you cannot force the logoff of a SaaS session that exceeds the authorized time.
    • Workstation restrictions: For SaaS connections we are able to recover the IP address, but not the client name. For this reason, you can only apply workstation restrictions for SaaS applications by IP range.
    • Time quota: Does not include time connected to SaaS applications.