A user can view his active sessions within Haiilo at any time and will be notified when there is a new session for his access.
The logged-in user can find a list of all active sessions in his account settings.
A user can terminate an active session at any time via the "Logout" button. This logs the user out directly on the respective device.
If the session with the label "Current session" is terminated by the "Logout" button, after confirmation, the login page is opened directly.
When a user logs in for the first time on a device that is still unknown to Haiilo and its access, the user will automatically receive an email with the following information:
The "Check account settings" button takes the user directly to his account settings, where he can end an unknown session with the "Logout" button if necessary.
Do all users receive this email?
It depends on how your users are created in Haiilo:
- Users who are created locally will always get this email based on the triggers mentioned above
- Users who are synchronized to Haiilo via a user directory can be excluded from the email if needed
The option to disable the email for a specific user directory can be found in the configuration of the respective user directory.
Can the email be customized?
The texts of the e-mail can be customized as usual via the language of your Haiilo. You can learn more about this here.
The headline (in the screenshot at the top named "Haiilo") and the name after "Sent via" are based on the selected "Network name" and redirect to your Haiilo URL. The link after "powered by" leads to our Haiilo website.
Furthermore, the design of the email depends on your theme settings. You can learn more about this here.
Please note that some email programs (e.g. Outlook) cannot display the design correctly and therefore the emails may look different. We can not influence this.
When is this email triggered?
The email is triggered every time a user creates a new session with their account on a new device or in a new browser. This is because after the first login, the browser/device combination is marked as "known" by storing a signed cookie in the browser. After that, the email for this browser/device combination is no longer sent.
Since this security measure works in connection with browser data (cookies), it is important that no browser data is deleted between logins of the same user on the same device/browser. Otherwise, the signed cookie is also deleted and thus the login is recognized as another new session and a new e-mail will be sent.