Multi-app session management and revocation tool for SailPoint

🔐 SailPoint Session Manager

License: MIT Python 3.8+

Multi-app session management and revocation tool for SailPoint.

Quickly terminate user sessions across Google Workspace, Okta, AWS, and other integrated applications when offboarding employees or responding to security incidents.

🎯 What It Does

SailPoint Session Manager provides a unified interface for session management across your entire application ecosystem:

  • 🔍 Session Discovery - Find all active and idle sessions for any user across all integrated apps
  • ⏹️ Bulk Termination - Revoke sessions in seconds instead of hours of manual work
  • 👤 User-Based Revocation - Terminate sessions by username with approval workflows
  • 📊 Real-time Metrics - View organization-wide session statistics by app
  • 📝 Audit Logging - Complete audit trail of all session terminations
  • ✅ Approval Workflows - Optional approval requirements before revocation

📦 Installation

From PyPI

pip install sailpoint-session-manager

From Source

git clone https://github.com/xamitgupta/sailpoint-session-manager.git
cd sailpoint-session-manager
pip install -e .

Docker

docker build -t sailpoint-session-manager .
docker run --rm -v "$(pwd)/config.yml:/app/config.yml" sailpoint-session-manager org-metrics

⚙️ Configuration

Create a config.yml file in your working directory:

sailpoint:
  base_url: "https://your-sailpoint-instance.com"
  api_username: "api_admin_user"
  api_token: "your_sailpoint_api_token"
  verify_ssl: true
  timeout: 30

google_workspace:
  admin_email: "admin@company.com"
  service_account_json: "/path/to/service-account.json"

okta:
  base_url: "https://company.okta.com"
  api_token: "your_okta_api_token"

approval:
  enabled: true
  approvers:
    - "security-lead@company.com"
    - "hr-manager@company.com"
  approval_required_for_bulk: true
  approval_timeout_hours: 24

See examples/config.example.yml for all configuration options.

🚀 Usage

List All Sessions for a User

session-manager list-user-sessions john.doe --config config.yml

Sample Output:

    ╔═══════════════════════════════════════════════════════╗
    ║   🔐 SailPoint Session Manager                        ║
    ║   Multi-app session management and revocation         ║
    ╚═══════════════════════════════════════════════════════╝

Connecting to SailPoint...
Retrieving sessions for: john.doe

📊 Session Summary
Username        john.doe
Total Sessions  12
Active Sessions 8
Idle Sessions   4

🟢 Active Sessions
┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━┓
┃ App             ┃ Session ID   ┃ Created  ┃ Duration  ┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━┩
│ Google Workspace│ sess_abc...  │ 2024-06  │ 480 min   │
│ Okta            │ sess_def...  │ 2024-06  │ 240 min   │
│ AWS             │ sess_ghi...  │ 2024-06  │ 120 min   │
└─────────────────┴──────────────┴──────────┴───────────┘

🟡 Idle Sessions
┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━┓
┃ App             ┃ Session ID   ┃ Idle (min)┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━┩
│ Slack           │ sess_jkl...  │ 1440      │
│ Google Workspace│ sess_mno...  │ 960       │
│ Okta            │ sess_pqr...  │ 720       │
│ AWS             │ sess_stu...  │ 480       │
└─────────────────┴──────────────┴───────────┘

✓ Session listing complete

Terminate All Sessions for a User

session-manager terminate-sessions john.doe --reason "Offboarding"

Sample Output:

    ╔═══════════════════════════════════════════════════════╗
    ║   🔐 SailPoint Session Manager                        ║
    ║   Multi-app session management and revocation         ║
    ╚═══════════════════════════════════════════════════════╝

Terminate ALL sessions for john.doe? This cannot be undone. [y/N]: y

Sessions to terminate: 12
  • Google Workspace: sess_abc1234…
  • Okta: sess_def5678…
  • AWS: sess_ghi9012…
  • Slack: sess_jkl3456…

⏳ Awaiting approval...
✓ Approved by security-lead@company.com

Terminating sessions...
  ✓ Google Workspace
  ✓ Okta
  ✓ AWS
  ✗ Slack (API revocation not supported)

📊 Termination Summary
  Total: 12
  Successful: 11
  Failed: 1

✓ Session termination complete

View Organization-Wide Metrics

session-manager org-metrics

Sample Output:

    ╔═══════════════════════════════════════════════════════╗
    ║   🔐 SailPoint Session Manager                        ║
    ║   Multi-app session management and revocation         ║
    ╚═══════════════════════════════════════════════════════╝

Collecting organization metrics...

    Organization Session Metrics
┌──────────────────────────┬────────┐
│ Metric                   │ Value  │
├──────────────────────────┼────────┤
│ Total Sessions           │ 2,341  │
│ Active Sessions          │ 1,890  │
│ Idle Sessions (>30min)   │   451  │
│ Terminated Today         │    12  │
└──────────────────────────┴────────┘

By Application
┌──────────────────┬───────┬────────┬──────┐
│ Application      │ Total │ Active │ Idle │
├──────────────────┼───────┼────────┼──────┤
│ Google Workspace │ 1,200 │ 1,050  │ 150  │
│ Okta             │   800 │   650  │ 150  │
│ AWS              │   200 │   150  │  50  │
│ Slack            │   141 │    40  │ 101  │
└──────────────────┴───────┴────────┴──────┘

✓ Metrics collected

🔌 Supported Applications

Application       Status        Revocation     Discovery
Google Workspace  ✅ Full       ✅ Yes         ✅ Yes
Okta              ✅ Full       ✅ Yes         ✅ Yes
AWS               🟡 Partial    ✅ Yes (STS)   ✅ Yes
Slack             🟡 Partial    ❌ No          ✅ Yes
Generic Apps      ⚠️ Limited    ❌ No          ✅ Limited

📋 Available Commands

# List all sessions for a user
session-manager list-user-sessions USERNAME [--config CONFIG_FILE]

# Terminate all sessions for a user
session-manager terminate-sessions USERNAME \
  --reason "Reason for termination" \
  --config CONFIG_FILE

# View organization-wide metrics
session-manager org-metrics [--config CONFIG_FILE]

# Show version
session-manager version

📊 Key Features

Session Discovery

  • Real-time session discovery across all integrated applications
  • Session status classification (active/idle/terminated)
  • Configurable idle detection (default: 30 minutes)
  • Device, IP address, and location tracking
  • Detailed session metadata

Session Management

  • Bulk terminate sessions for single or multiple users
  • Single-click offboarding of user sessions
  • Selective session termination per application
  • Session termination audit trail
  • Failed operation recovery and retry

Approval Workflows

  • Optional approval requirements before termination
  • SailPoint Workflow engine integration
  • Configurable approver groups
  • Approval timeout with automatic cleanup
  • Email notifications for approvals

Metrics & Reporting

  • Real-time organization-wide metrics
  • Per-application session statistics
  • Session distribution analysis
  • Idle session reporting
  • Termination history tracking

🔒 Security

  • Credentials stored in local config file (add to .gitignore)
  • HTTPS enforcement for all external APIs
  • Optional SSL certificate verification
  • Complete audit logging of all operations
  • Approval workflows for sensitive operations
  • No persistent session data storage
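
A pre-flight check for the config.yml shown under Configuration, added here as an example and not part of sailpoint-session-manager: it flags the settings the Security list depends on (file permissions, HTTPS base URLs, verify_ssl, approval). The function names, the rule that tokens starting with "your_" are placeholders, and the sample values are assumptions; loading a real file needs PyYAML.

```python
import os
import stat
from urllib.parse import urlparse

def audit_config(cfg, file_mode=None):
    """Return findings for a parsed config.yml (dict) and the file's st_mode."""
    findings = []
    # The file holds API tokens, so any group/other access bit is a finding.
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config file is accessible by group/other (chmod 600)")
    for name, section in cfg.items():
        if not isinstance(section, dict):
            continue
        url = section.get("base_url")
        if url is not None and urlparse(url).scheme != "https":
            findings.append(f"{name}.base_url is not https")
        # Assumption: the page's sample tokens start with "your_"; treat as unset.
        token = section.get("api_token")
        if token is not None and (not token or token.startswith("your_")):
            findings.append(f"{name}.api_token is empty or a placeholder")
        if section.get("verify_ssl") is False:
            findings.append(f"{name}.verify_ssl is disabled")
    approval = cfg.get("approval") or {}
    if not approval.get("enabled"):
        findings.append("approval.enabled is off")
    elif not approval.get("approvers"):
        findings.append("approval is enabled but has no approvers")
    if not approval.get("approval_required_for_bulk"):
        findings.append("bulk termination does not require approval")
    return findings

def audit_file(path):
    # Loads the YAML with PyYAML (third-party) and audits it with its file mode.
    import yaml
    with open(path, encoding="utf-8") as fh:
        cfg = yaml.safe_load(fh) or {}
    return audit_config(cfg, os.stat(path).st_mode)

# Constructed sample: the page's config with three weakened sailpoint settings.
SAMPLE = {
    "sailpoint": {"base_url": "http://sailpoint.example.com",
                  "api_token": "your_sailpoint_api_token", "verify_ssl": False},
    "okta": {"base_url": "https://company.okta.com", "api_token": "constructed-token"},
    "approval": {"enabled": True, "approvers": ["security-lead@company.com"],
                 "approval_required_for_bulk": True},
}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, 0o100644):
        print("FINDING:", finding)
```

Run it against the real file with audit_file("config.yml") before the first terminate-sessions call; an empty list means none of the checked settings is weakened.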

🛠️ Development

Install Development Dependencies

pip install -e ".[dev]"

Run Tests

pytest tests/
pytest --cov=sailpoint_session_manager tests/

Code Style

black sailpoint_session_manager/
ruff check sailpoint_session_manager/

🤝 Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines on:

  • Adding support for new applications
  • Improving session discovery
  • Enhancing approval workflows
  • Adding new metrics and reporting
  • Improving documentation

⚖️ License

MIT License - see LICENSE for details.

Source Distribution

sailpoint_session_manager-0.1.0.tar.gz (12.6 kB)

Uploaded Source

Built Distribution

sailpoint_session_manager-0.1.0-py3-none-any.whl (11.5 kB)

Uploaded Python 3

Hashes for sailpoint_session_manager-0.1.0.tar.gz
Algorithm Hash digest
SHA256 020d6439eb960d6123666f8bd357f1ed16fa4d6c76f9dc36f4ffb40dd42c8f43
MD5 4100b3dcdf5aec35b3634507b3e75846
BLAKE2b-256 0761e3fd0a043ea9599e3fefd6bb0b2599ed65b95f8a62aca1bf2fa03f3a3dfc

Hashes for sailpoint_session_manager-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 35456d115930c0705250bae746872853221e22acbd13241f77d67401ee59a427
MD5 03801970133a572d703cea2f6f311ca2
BLAKE2b-256 f2c7ce5d6bf1b804de6af56d59985f2514b53b02ff84edb06ace7b054368ae49
