Enforce single authentication session per user
I would like to make sure our users can only log on from one location at once, as an extra security measure. Is there anything built into Enginio that could enforce this? If not, is there a way to check whether a certain user is already logged on from somewhere else?
Unfortunately there is no built-in functionality for this at the moment. However, you could get similar results by implementing simple check on client side and store user specific authentication information in Enginio. With this you would be able to see if the user has recently used the app from certain origin and not allow new authentications from elsewhere until for example set time of inactivity.
Yes, my plan was to add a timestamp and origin for the authentication session, and explicitly log out to remove the timestamp, with an additional timeout to handle crashes, devices in standby, ...
Is there a plan to implement this in Enginio itself in the near future? I can wait a couple of months, but otherwise I will implement it myself.
We don't currently have this on our development roadmap, so your best bet might be to implement a solution yourself for the time being.
Your idea itself is still very good and definitely will be reviewed for a possible future feature! Thanks for your input and we're sorry for not being able to help you right away.