Re: Is it possible to block and kick a user from the application?

Firework · ‎12-09-2023

Hello everyone. Im administrator of CUCM (latest verion) and i have full access.

Today we have a problem: our colleague lost his phone. There are a lot of confidential work-related correspondences on the phone through the Jabber application. Is it possible in CUCM to block a user and kill a session? What would throw him out of the application right on the go?

Roger Kallberg · ‎12-09-2023

This is from the system configuration document.

Revoke Existing OAuth Refresh Tokens

Use an AXL API to revoke existing OAuth refresh tokens. For example, if an employee leaves your company, you can use this API to revoke that employee's current refresh token so that they cannot obtain new access tokens and will no longer be able to log in to the company account. The API is a REST-based API that is protected by AXL credentials. You can use any command-line tool to invoke the API. The following command provides an example of a cURL command that can be used to revoke a refresh token:

curl -k -u "admin:password" https://<UCMaddress:8443/ssosp/token/revoke?user_id=<end_user>

where:

admin:password is the login ID and password for the Cisco Unified Communications Manager administrator account.
UCMaddress is the FQDN or IP address of the Cisco Unified Communications Manger publisher node.
end_user is the user ID for the user for whom you want to revoke refresh tokens.

Firework · ‎12-09-2023

If at this moment he is online in the application, will he be thrown out? Or do you need to wait until he will swipe out the application from memory or reboots the phone?

Roger Kallberg · ‎12-09-2023

I have never done this, so I’m not 100% sure, but I would think that it would end any session that the user has and not let it in without knowing the password.

Firework · ‎12-21-2023

We dont use oAuth in our build i think, thats why it's didnt help for us