"Deny Access" - "Logout" or "Disconnect"?

When access to a session is controlled with a "Deny Access" action, users will be presented with either a "Disconnect" or "Sign out" button. This article describes, when and why either will be used.

Inarguably deviceTRUST's most straightforward use case is conditional access, or - more specifically - conditional workspace access: The user's access to a remote session will be denied based on the individual Context.

Without further configuration, deviceTRUST will display a "Sign out" button or a "Disconnect" button when denying access. The distinction is made to adjust to the type of session the user has on the system.


If the user is just about to log on to a remote system and thus has not started any resources or software, deviceTRUST will present the "Sign out" button. In this case, we can be sure no unsaved data is lost when logging out the user. It is the most straightforward action to log out the user and - thus - save resources on the (remote) system.



If the user has already started a session on the remote system, deviceTRUST will present a "Disconnect" button by default. This way, the session will be kept alive in the background, and the user can re-access it once the Context fits the requirements again. This way, we make sure unsaved work will not be lost. The disconnected session might be logged off automatically based on your configured policies.



You'll find a switch to alter this behavior in the "Deny Access" task of your deviceTRUST Actions. The "Always show sign out button" check box will ensure users are only presented with the "Sign out" button, whether they have already launched a session and started applications or not.