Skip Navigation

SSO logout service

If the logout URL is configured in the identity provider settings, the following steps terminate the active user session:
  1. The end user initiates a logout request at a service provider.
  2. The service provider forwards the logout request to an identity provider.
  3. The identity provider validates the logout request.
  4. The identity provider sends a logout request for the user to all other service providers that the identity provider is aware of that the user has an active security session with.
  5. The identity provider terminates the user's sessions and sends a response to the original service provider.
  6. The original service provider informs the user that they have been logged out.
If the logout URL is displayed in the Service Provider settings, the following steps terminate the active user session:
  1. The end user initiates a logout request at a service provider.
  2. The service provider terminates any of the user's active sessions that are handled by a third-party service.
  3. The service provider forwards the logout request to the logout URL.
If the logout URL is not configured for either for identity provider or the service provider, when a user requests a logout, the service provider terminates the user's active session and displays the login page (for the
BlackBerry AtHoc
management system) or the sign out page (for Self Service.)
The following table describes the log out flows for the
BlackBerry AtHoc
management system:
Log out type
Initiator
IDP logout URL included
Custom logout URL available
Log out behavior
Sign out or session timeout
SP
Yes
Yes
The IDP session is terminated. The end user is signed off locally and redirected to their organization's SSO login URL. The IDP logout URL is used.
Sign out or session timeout
SP
Yes
No
The IDP session is terminated. The end user is signed off locally and redirected to their organization's SSO login URL. The IDP logout URL is used.
Sign out or session timeout
SP
No
Yes
The end user is signed off locally and redirected to the custom logout URL.
Sign out or session timeout
SP
No
No
The end user is signed off locally and redirected to the organization's SSO login URL.
Session timeout
IDP
Yes
Yes
The IDP session is terminated. The end user is signed off locally and redirected to the manual login page with a Session Timeout message.
Session timeout
IDP
Yes
No
The IDP session is terminated. The end user is signed off locally and redirected to the manual login page with a Session Timeout message.
Sign out or session timeout
IDP
No
Yes
The IDP session is terminated. The end user is signed off locally and redirected to the custom logout URL.
Session timeout
IDP
No
No
The end user is signed off locally and redirected to the manual login page with a Session Timeout message.
Sign out
IDP
Yes
Yes
The IDP session is terminated. The end user is signed off locally and redirected to the manual login page.
Sign out
IDP
Yes
No
The IDP session is terminated. The end user is signed off locally and redirected to the manual login page.
Sign out
IDP
No
No
The end user is signed off locally and redirected to the manual login page.
The following table describes the log out flows for Self Service:
Log out type
Initiator
IDP logout URL included
Custom logout URL included
Log out behavior
Sign out or session timeout
SP
Yes
Yes
The IDP session is terminated. The end user is signed off locally and redirected to the sign out page.
Sign out or session timeout
SP
Yes
No
The IDP session is terminated. The end user is signed off locally and redirected to the sign out page.
Sign out or session timeout
SP
No
Yes
The end user is signed off locally and redirected to the custom URL.
Sign out or session timeout
SP
No
No
The end user is signed off locally and redirected to the sign out page.
Sign out or session timeout
IDP
Yes
Yes
The IDP session is terminated. The end user is signed off locally and redirected to the sign out page. The
Go To Login
button is not visible.
Sign out or session timeout
IDP
Yes
No
The IDP session is terminated. The end user is signed off locally and redirected to the sign out page. The
Go To Login
button is not visible.
Sign out or session timeout
IDP
No
Yes
The end user is signed off locally and redirected to the custom URL.
Sign out or session timeout
IDP
No
No
The end user is signed off locally and redirected to the sign out page.