Multi-app session management and revocation tool for SailPoint
Project description
SailPoint Session Manager
Multi-app session management and revocation tool for SailPoint.
Quickly terminate user sessions across Google Workspace, Okta, AWS, and other integrated applications when offboarding employees or responding to security incidents.
What It Does
SailPoint Session Manager provides a unified interface for session management across your entire application ecosystem:
- Session Discovery - Find all active and idle sessions for any user across all integrated apps
- Bulk Termination - Revoke sessions in seconds instead of hours of manual work
- User-Based Revocation - Terminate sessions by username with approval workflows
- Real-time Metrics - View organization-wide session statistics by app
- Audit Logging - Complete audit trail of all session terminations
- Approval Workflows - Optional approval requirements before revocation
Installation
From PyPI
pip install sailpoint-session-manager
From Source
git clone https://github.com/xamitgupta/sailpoint-session-manager.git
cd sailpoint-session-manager
pip install -e .
Docker
docker build -t sailpoint-session-manager .
docker run --rm -v "$(pwd)/config.yml:/app/config.yml" sailpoint-session-manager org-metrics
Configuration
Create a config.yml file in your working directory:
sailpoint:
  base_url: "https://your-sailpoint-instance.com"
  api_username: "api_admin_user"
  api_token: "your_sailpoint_api_token"
  verify_ssl: true
  timeout: 30
google_workspace:
  admin_email: "admin@company.com"
  service_account_json: "/path/to/service-account.json"
okta:
  base_url: "https://company.okta.com"
  api_token: "your_okta_api_token"
approval:
  enabled: true
  approvers:
    - "security-lead@company.com"
    - "hr-manager@company.com"
  approval_required_for_bulk: true
  approval_timeout_hours: 24
See examples/config.example.yml for all configuration options.
Usage
List All Sessions for a User
session-manager list-user-sessions john.doe --config config.yml
Sample Output:
┌───────────────────────────────────────────────┐
│ SailPoint Session Manager                     │
│ Multi-app session management and revocation   │
└───────────────────────────────────────────────┘
Connecting to SailPoint...
Retrieving sessions for: john.doe
Session Summary
Username          john.doe
Total Sessions    12
Active Sessions   8
Idle Sessions     4
Active Sessions
┏━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━━━┓
┃ App              ┃ Session ID  ┃ Created ┃ Duration ┃
┡━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━━━┩
│ Google Workspace │ sess_abc... │ 2024-06 │ 480 min  │
│ Okta             │ sess_def... │ 2024-06 │ 240 min  │
│ AWS              │ sess_ghi... │ 2024-06 │ 120 min  │
└──────────────────┴─────────────┴─────────┴──────────┘
Idle Sessions
┏━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ App              ┃ Session ID  ┃ Idle (min) ┃
┡━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ Slack            │ sess_jkl... │ 1440       │
│ Google Workspace │ sess_mno... │ 960        │
│ Okta             │ sess_pqr... │ 720        │
│ AWS              │ sess_stu... │ 480        │
└──────────────────┴─────────────┴────────────┘
✓ Session listing complete
Terminate All Sessions for a User
session-manager terminate-sessions john.doe --reason "Offboarding"
Sample Output:
┌───────────────────────────────────────────────┐
│ SailPoint Session Manager                     │
│ Multi-app session management and revocation   │
└───────────────────────────────────────────────┘
Terminate ALL sessions for john.doe? This cannot be undone. [y/N]: y
Sessions to terminate: 12
  • Google Workspace: sess_abc1234…
  • Okta: sess_def5678…
  • AWS: sess_ghi9012…
  • Slack: sess_jkl3456…
Awaiting approval...
✓ Approved by security-lead@company.com
Terminating sessions...
  ✓ Google Workspace
  ✓ Okta
  ✓ AWS
  ✗ Slack (API revocation not supported)
Termination Summary
Total:      12
Successful: 11
Failed:     1
✓ Session termination complete
View Organization-Wide Metrics
session-manager org-metrics
Sample Output:
┌───────────────────────────────────────────────┐
│ SailPoint Session Manager                     │
│ Multi-app session management and revocation   │
└───────────────────────────────────────────────┘
Collecting organization metrics...
Organization Session Metrics
┌────────────────────────┬───────┐
│ Metric                 │ Value │
├────────────────────────┼───────┤
│ Total Sessions         │ 2,341 │
│ Active Sessions        │ 1,890 │
│ Idle Sessions (>30min) │ 451   │
│ Terminated Today       │ 12    │
└────────────────────────┴───────┘
By Application
┌──────────────────┬───────┬────────┬──────┐
│ Application      │ Total │ Active │ Idle │
├──────────────────┼───────┼────────┼──────┤
│ Google Workspace │ 1,200 │ 1,050  │ 150  │
│ Okta             │ 800   │ 650    │ 150  │
│ AWS              │ 200   │ 150    │ 50   │
│ Slack            │ 141   │ 40     │ 101  │
└──────────────────┴───────┴────────┴──────┘
✓ Metrics collected
Supported Applications
| Application | Status | Revocation | Discovery |
|---|---|---|---|
| Google Workspace | Full | Yes | Yes |
| Okta | Full | Yes | Yes |
| AWS | Partial | Yes (STS) | Yes |
| Slack | Partial | No | Yes |
| Generic Apps | Limited | No | Limited |
Available Commands
# List all sessions for a user
session-manager list-user-sessions USERNAME [--config CONFIG_FILE]
# Terminate all sessions for a user
session-manager terminate-sessions USERNAME \
--reason "Reason for termination" \
--config CONFIG_FILE
# View organization-wide metrics
session-manager org-metrics [--config CONFIG_FILE]
# Show version
session-manager version
Key Features
Session Discovery
- Real-time session discovery across all integrated applications
- Session status classification (active/idle/terminated)
- Configurable idle detection (default: 30 minutes)
- Device, IP address, and location tracking
- Detailed session metadata
Session Management
- Bulk terminate sessions for single or multiple users
- Single-click offboarding of user sessions
- Selective session termination per application
- Session termination audit trail
- Failed operation recovery and retry
Approval Workflows
- Optional approval requirements before termination
- SailPoint Workflow engine integration
- Configurable approver groups
- Approval timeout with automatic cleanup
- Email notifications for approvals
Metrics & Reporting
- Real-time organization-wide metrics
- Per-application session statistics
- Session distribution analysis
- Idle session reporting
- Termination history tracking
Security
- Credentials stored in local config file (add to .gitignore)
- HTTPS enforcement for all external APIs
- Optional SSL certificate verification
- Complete audit logging of all operations
- Approval workflows for sensitive operations
- No persistent session data storage
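The Configuration and Security sections above put the API tokens, TLS verification and the approval gate in one local config.yml. As an added example (not part of the project's code), this pre-flight check audits an already-parsed config for weak settings; the key names come from the sample config above, while `audit_config`, its finding strings and the mode-600 expectation are assumptions of this example.

```python
import stat
from urllib.parse import urlparse

# Placeholder tokens as they appear in the README's sample config.yml.
PLACEHOLDER_TOKENS = {"your_sailpoint_api_token", "your_okta_api_token"}


def audit_config(cfg, file_mode=None):
    """Return findings for a parsed config.yml; file_mode is its st_mode, if known."""
    findings = []
    # The file holds API tokens, so group/other must have no access to it.
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config file is accessible to group/other (use mode 600)")
    if "sailpoint" not in cfg:
        findings.append("sailpoint section is missing")
    for section in ("sailpoint", "okta"):
        block = cfg.get(section)
        if block is None:
            continue  # integration not configured
        url = urlparse(str(block.get("base_url", "")))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{section}.base_url is not an https URL")
        token = block.get("api_token")
        if not token or token in PLACEHOLDER_TOKENS:
            findings.append(f"{section}.api_token is empty or a placeholder")
    # Without certificate verification the API token can be read on-path.
    sailpoint = cfg.get("sailpoint") or {}
    if sailpoint.get("verify_ssl") is not True:
        findings.append("sailpoint.verify_ssl is not set to true")
    approval = cfg.get("approval") or {}
    if approval.get("enabled") is not True:
        findings.append("approval.enabled is not true")
    else:
        if not approval.get("approvers"):
            findings.append("approval.approvers is empty")
        if approval.get("approval_required_for_bulk") is not True:
            findings.append("approval.approval_required_for_bulk is not true")
    return findings


if __name__ == "__main__":
    # Constructed sample: README placeholders, verification off, file mode 0644.
    sample = {
        "sailpoint": {"base_url": "https://your-sailpoint-instance.com",
                      "api_token": "your_sailpoint_api_token", "verify_ssl": False},
        "approval": {"enabled": True, "approvers": ["security-lead@company.com"]},
    }
    for finding in audit_config(sample, file_mode=0o100644):
        print("FINDING:", finding)
```

To audit a real file, load it with a YAML parser and pass `os.stat(path).st_mode` as `file_mode`.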
Development
Install Development Dependencies
pip install -e ".[dev]"
Run Tests
pytest tests/
pytest --cov=sailpoint_session_manager tests/
Code Style
black sailpoint_session_manager/
ruff check sailpoint_session_manager/
Documentation
- QUICK_START.md - Get started in 5 minutes
- CONTRIBUTING.md - Contribution guidelines
- examples/config.example.yml - Configuration reference
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines on:
- Adding support for new applications
- Improving session discovery
- Enhancing approval workflows
- Adding new metrics and reporting
- Improving documentation
License
MIT License - see LICENSE for details.
Support
- GitHub Issues - Report bugs and request features
- GitHub Discussions - Ask questions and discuss ideas
Like this tool? Please ⭐ star the repo!
File details
Details for the file sailpoint_session_manager-0.1.0.tar.gz.
File metadata
- Download URL: sailpoint_session_manager-0.1.0.tar.gz
- Upload date:
- Size: 12.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 020d6439eb960d6123666f8bd357f1ed16fa4d6c76f9dc36f4ffb40dd42c8f43 |
| MD5 | 4100b3dcdf5aec35b3634507b3e75846 |
| BLAKE2b-256 | 0761e3fd0a043ea9599e3fefd6bb0b2599ed65b95f8a62aca1bf2fa03f3a3dfc |
File details
Details for the file sailpoint_session_manager-0.1.0-py3-none-any.whl.
File metadata
- Download URL: sailpoint_session_manager-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 35456d115930c0705250bae746872853221e22acbd13241f77d67401ee59a427 |
| MD5 | 03801970133a572d703cea2f6f311ca2 |
| BLAKE2b-256 | f2c7ce5d6bf1b804de6af56d59985f2514b53b02ff84edb06ace7b054368ae49 |