Session Management is the page showing currently active user sessions and recent session activity — useful for forensic investigation ("who's logged in right now") and for forcibly ending sessions when investigating compromise. Read-mostly; kill sessions sparingly.
- Open Setup → Session Management
  Setup gear → Quick Find: Session Management → Session Management.
- Review the list of active sessions
  Each row: Username, Source IP, Login Type, Session Type, Created Date, Last Activity.
- Identify suspicious sessions
  Unfamiliar IP / unfamiliar User Agent / very long-running sessions.
- Click Remove next to a session to force logout
  Ends the session immediately. The user has to re-authenticate.
- Configure session policies separately
  Session timeout, MFA requirements, IP restrictions live on Setup → Session Settings — not here.
Currently-logged-in users and their session details.
End a specific session. The user re-authenticates on next request.
Useful for narrowing during investigations.
- Removing a session forces immediate re-auth — including for the admin running the action if you accidentally pick your own session. Filter carefully.
- Session Management shows currently-active sessions only. Past sessions are in Login History (Setup → Login History).
- API sessions appear here too — including service-account sessions. Killing one forces the integration to re-auth, which may break in-flight calls.
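
A triage pass over the session list, covering the "identify suspicious sessions" step and the caveats above. This is an added example, not part of the original page. It assumes the rows were copied into CSV using the page's column names; the network ranges, age threshold, operator name and the `API` session-type value are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample rows; column names are the ones listed on the page.
SAMPLE_CSV = """Username,Source IP,Login Type,Session Type,Created Date,Last Activity
admin@example.com,10.1.4.20,Application,UI,2024-05-02T08:00:00,2024-05-02T09:10:00
jdoe@example.com,203.0.113.77,Application,UI,2024-05-02T08:45:00,2024-05-02T09:12:00
svc-etl@example.com,10.1.9.5,Remote Access 2.0,API,2024-04-28T02:00:00,2024-05-02T09:14:00
asmith@example.com,10.1.4.31,Application,UI,2024-05-02T07:30:00,2024-05-02T09:00:00
"""

KNOWN_NETWORKS = [ip_network("10.1.0.0/16")]  # assumption: your familiar ranges
MAX_AGE = timedelta(hours=24)                 # assumption: "very long-running" cutoff
OPERATOR = "admin@example.com"                # assumption: the admin doing the review


def triage(csv_text, now):
    """Return (username, source_ip, reasons, cautions) for each flagged session."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons, cautions = [], []
        ip = ip_address(row["Source IP"])
        if not any(ip in net for net in KNOWN_NETWORKS):
            reasons.append("unfamiliar source IP")
        if now - datetime.fromisoformat(row["Created Date"]) > MAX_AGE:
            reasons.append("long-running session")
        if not reasons:
            continue  # nothing to review on this row
        # Caveats from the page: surface them before anyone clicks Remove.
        if row["Username"] == OPERATOR:
            cautions.append("own session: removing it logs you out")
        if row["Session Type"] == "API":  # assumed value for API sessions
            cautions.append("API session: removal may break in-flight calls")
        findings.append((row["Username"], row["Source IP"], reasons, cautions))
    return findings


if __name__ == "__main__":
    for user, ip, reasons, cautions in triage(SAMPLE_CSV, datetime(2024, 5, 2, 9, 15)):
        print(user, ip, "; ".join(reasons), "|", "; ".join(cautions) or "-")
```

Flagged rows are candidates for review, not an automatic removal list; check Login History for the same user before ending a session.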