The active sessions list summarizes the current users within the Collective. The list includes information such as the username, identity provider, and the client type for each session.
Filtering and sorting
The search box can be used to filter the view of the Active Sessions page (Usage > Active Sessions). Most columns are sortable; click on a column heading to change the item order.
Action Buttons
Action buttons are accessed by clicking the three dots icon (
) to the right of each line item in the page or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item. The Action button in the Active Sessions page displays the following options:
Analyze Policy Assignments. Runs a simulation of the policy assignment process using the user's currently reported claims. This will allow you to see which policies are being applied as well as the resulting device settings - which may come from a number of different policies.
Download Client Logs. Triggers a log bundle download from the device being used. Requires client v6.1 or later. This will download a zip archive of the user's client logs.
Renew Tokens. Will refresh the tokens for this device. This might be used to push an entitlement update to a user's device. It is possible to use bulk actions on active sessions to renew tokens. This can also be done from Registered Devices.
Add User to Denylist. Removes access from all devices for this user by revoking all related tokens and adds them to the denylist preventing them from signing in again. This can also be done from Registered Devices.
Active Session Details
Click on any row in the Active Sessions page to access Active Session Details. This page displays session details for the selected user or device and provides additional details for the selected Site.
Actions
The <Actions> dropdown within the session details can perform the same operations as the Action button described above.
General session details
The top of the Active Session Details page includes a set of fixed non-Site-specific details about the chosen session, and may include warnings such as:
IP address conflicts. AppGate ZTNA routes traffic to multiple Sites simultaneously. It is therefore important to avoid having the same IP address appear on multiple Sites. If a conflict is detected, a message detailing the offending Sites will appear so action can be taken.
Unreachable Protected Hosts. When there are unreachable protected hosts reported, you can obtain more details from the App Health Reports page.
Site-specific details
The Action Session Details page contains the following information about the selected session:
Select Site. The user may be connected to multiple Sites. The seven additional details tabs display the information for only the Site chosen from the drop-down.
NOTE
During failover or client reconnection (moving from one Gateway to another) both Gateways may report that the same user is attached.This will resolve itself within five minutes.
Entitlements. The entitlements shown are those which are allowed by policies.
| Entitlements show:
|
System Claims. The current claim values used for this session. The appendix contains more information about Claims in detail.
User Claims. The current claim values used for this session. The appendix contains more information about Claims in detail.
Device Claims. The current claim values used for this session. The appendix contains more information about Claims in detail.
Gateway Stats. Detailed statistics from the Gateway for the user's session, such as total bytes read and written through the VPN daemon servicing this user.
Session Stats. Details about the session's connection, including time to connect, round-trip time, and traffic mode.