Disable concurrent login

Description

Currently we have a security policy to not allow concurrent logins for same user login.

Can we enquire if there is such a feature to disallow concurrent login for the same user at the same time?

Steps to reproduce:

    1. Login as any user at the following host:
      https://self-hosted rocketchat.com
  1. Login as the same user in a different browser or incognito/private mode.

  2. The functions could be interacted with in both sessions.

Server Setup Information

  • Version of Rocket.Chat Server: v6.9.2
  • Operating System: Linux System
  • Deployment Method: Docker
  • Number of Running Instances: 1 Server & 1 Database instance
  • NodeJS Version: 14.21.3
  • MongoDB Version: 6.0.15

Things to note:

  • We are running rocketchat integration with LDAP

Hi,

What licence are you using? There may be something in Pro/EE but I am not sure.

You might be able to with 2FA - check under Settings/Accounts. Not sure there is another method.

Bear in mind people may use a desktop and mobile application at the same time?

Hi,

Thank you for the quick response!

We are actually on the free community version and our setup is air-gapped. Hence, our users are not using mobile application to access.

Can we confirm that there is no such feature for the community edition at this point of time?

Thank You!

Not as far as I’m aware beyond 2FA which has token timeouts IIRC. Please check that.

I will double check but might a few days.

Hi,

Is there any update and can we get a confirmation there is no such feature of disabling concurrent login for the community edition?

Thank You!

I am waiting for an answer. I will get back to you when I can.

Answer is nothing beyond the 2FA settings mentioned above which you probably should check if you have high security requirements…