Brilliancy of quality
Security & Control

Sessions, Devices, and Security Auditing in a Corporate Platform

Sapphire I.C.D.S.

A corporate system is rarely used from only one computer. An employee signs in from a work laptop, opens the workspace on a phone, connects from a branch office, or continues working after a business trip. This is a normal scenario for a business, but it raises a management question: which sessions are currently active, who owns them, and how quickly access can be stopped if a device is lost, an employee's role changes, or signs of compromise appear.

In Sapphire, this issue is addressed not through a collection of disconnected settings, but through the unified Helix identity framework and the HelixID user center. Users receive clear tools for working with their accounts, while authorized administrators gain a centralized view of events and active connections. Everyday work does not become a constant struggle with security restrictions.

Multiple devices without losing control

The platform supports simultaneous work from multiple devices. Each sign-in is treated as an independent session with its own lifecycle. A session record can show a clear device label, creation time, latest activity, connection type, and supporting information useful for review. This makes it possible to distinguish a familiar work laptop from an old phone or an unexpected browser.

The number of active sessions is defined by organizational policy. If the limit is reached, the system applies a predictable rule and makes room by ending the oldest active connection. For a business, this is more useful than an arbitrary ban: employees can work normally across channels, while the IT team retains a controlled upper limit.

A network change alone should not turn a legitimate user into a suspected intruder. The connection address and client software characteristics are therefore used as data for analysis and auditing, not as the sole proof of identity. This approach accommodates mobile internet access, corporate VPNs, remote work, and movement between office networks while retaining the history needed for an investigation.

Employee self-service

In HelixID, an employee can review active sessions and end a specific session that is no longer needed. If a phone is lost, for example, there is no need to wait for a support request to be processed manually: the questionable connection can be revoked without interrupting work on the primary computer. If the issue affects the entire account, all active sessions can be ended.

Critical changes are tied to a unified access lifecycle. A password change or recovery, a forced global sign-out, and a confirmed account risk result in the revocation of previously granted access. This closes a common organizational gap in which a password has already been changed but a forgotten session on another device remains active.

When an employee leaves, transfers, or needs an urgent role change, the same unified framework makes it possible to end active connections while the employee's permissions are being reviewed.

Access recovery is designed so that an outsider cannot determine whether a specified account exists. A recovery link has a limited lifetime and can be used only once. After successful completion, old connections are ended and the employee resumes work in a new trusted state. For the support team, this provides one clear and explainable process instead of manual exceptions.

Two levels of auditing

Not every security event should be visible to the same audience. Sapphire separates the user log from the operational log for authorized administrators. In the first, an employee sees actions related to their account: sign-ins, sign-outs, security setting changes, and revocation of their own access credentials. This reduces the support burden and helps users notice unusual activity independently.

The administrative level is intended for broader oversight. It includes search and paginated event review, an overview of sessions across accounts, and export and retention operations for users with the relevant permissions. Access to these capabilities is divided by authority: viewing the log, managing sessions, exporting, and purging do not need to belong to the same role.

For sensitive administrative actions, identity is confirmed again immediately before the operation. This authorizes the specific action rather than creating a new long-lived session with elevated privileges. The export itself or a change to the retention period also remains in the log. Auditing therefore covers not only ordinary user activity, but also work performed on the audit records themselves.

Practical value for the business

  • Employees control their own devices and can respond faster when equipment is lost.
  • The IT team receives a unified list of active connections and can revoke one without blocking all work.
  • The security team sees a sequence of events rather than a collection of unrelated application logs.
  • Separation of duties helps align access with internal policies and audit requirements.
  • Configurable retention periods make it possible to align logging with company policy and applicable requirements.

Importantly, this framework is part of Sapphire's common access model. Platform modules receive an already verified user identity and current permissions instead of creating their own incompatible sign-in mechanisms. Revoking a session or changing an account's status therefore applies consistently across corporate workspaces.

For a manager, the result is not measured by the number of security technologies, but by a controlled process: employees see their own activity, administrators act within their roles, critical operations are confirmed, and investigations rely on a coherent history. This level of observability turns security into a practical business tool rather than a formal setting on the sign-in page.