List Admin Sessions
Retrieves all sessions for ALL users within the authenticated admin's organization. This endpoint is restricted to organization administrators and provides visibility into all active and historical sessions across the organization for monitoring and auditing purposes.
Request
GET /sessions/admin
Authentication
Requires a Bearer JWT with the ORG_ADMIN role.
Authorization: Bearer <access_token>
Query Parameters
No query parameters are accepted. This endpoint returns all sessions for all users in the organization.
Response
Returns an array of SessionResponse objects for all users in the organization, ordered by creation date (most recent first).
[
  {
    "id": "3fa85f64-5717-4362-b98f-9ddd36e4b010",
    "userId": "7c8b3f21-4d92-4a8e-9f3a-1e6c5b9d0a2b",
    "userName": "John Doe",
    "userEmail": "[email protected]",
    "ipv4Address": "203.0.113.42",
    "ipv6Address": null,
    "status": "ACTIVE",
    "startedAt": "2026-02-18T10:30:00Z",
    "expiresAt": "2026-02-18T12:30:00Z",
    "endedAt": null,
    "endedReason": null,
    "resourceIps": [
      {
        "id": "8e9f2a3b-1c4d-5e6f-7a8b-9c0d1e2f3a4b",
        "resourceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
        "resourceName": "Production Database SG",
        "ipVersion": 4,
        "ipAddress": "203.0.113.42",
        "status": "APPLIED",
        "providerRuleId": "sgr-0123456789abcdef0",
        "appliedAt": "2026-02-18T10:30:15Z",
        "removedAt": null,
        "errorMessage": null
      }
    ],
    "createdAt": "2026-02-18T10:30:00Z"
  },
  {
    "id": "4eb85f75-6828-5473-ca09-0eee47f5c121",
    "userId": "8d9c4g32-5e03-5b9f-af4b-2f7d6c0e1b3c",
    "userName": "Jane Smith",
    "userEmail": "[email protected]",
    "ipv4Address": "198.51.100.89",
    "ipv6Address": null,
    "status": "ACTIVE",
    "startedAt": "2026-02-18T09:15:00Z",
    "expiresAt": "2026-02-18T11:15:00Z",
    "endedAt": null,
    "endedReason": null,
    "resourceIps": [
      {
        "id": "0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d",
        "resourceId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
        "resourceName": "Staging API SG",
        "ipVersion": 4,
        "ipAddress": "198.51.100.89",
        "status": "APPLIED",
        "providerRuleId": "sgr-bcdef0123456789ab",
        "appliedAt": "2026-02-18T09:15:12Z",
        "removedAt": null,
        "errorMessage": null
      }
    ],
    "createdAt": "2026-02-18T09:15:00Z"
  }
]
Response Fields
Each session object contains the same fields as described in the Start Session endpoint. Note that userId, userName, and userEmail vary across sessions belonging to different users.
Error Responses
| Status Code | Error | Description |
|---|---|---|
| 401 | Unauthorized | Invalid or missing JWT token |
| 403 | Forbidden | User does not have ORG_ADMIN role |
Example
Request
curl https://api.entryguard.io/api/v1/sessions/admin \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
[
  {
    "id": "3fa85f64-5717-4362-b98f-9ddd36e4b010",
    "userId": "7c8b3f21-4d92-4a8e-9f3a-1e6c5b9d0a2b",
    "userName": "John Doe",
    "userEmail": "[email protected]",
    "ipv4Address": "203.0.113.42",
    "ipv6Address": null,
    "status": "ACTIVE",
    "startedAt": "2026-02-18T10:30:00Z",
    "expiresAt": "2026-02-18T12:30:00Z",
    "endedAt": null,
    "endedReason": null,
    "resourceIps": [
      {
        "id": "8e9f2a3b-1c4d-5e6f-7a8b-9c0d1e2f3a4b",
        "resourceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
        "resourceName": "Production Database SG",
        "ipVersion": 4,
        "ipAddress": "203.0.113.42",
        "status": "APPLIED",
        "providerRuleId": "sgr-0123456789abcdef0",
        "appliedAt": "2026-02-18T10:30:15Z",
        "removedAt": null,
        "errorMessage": null
      }
    ],
    "createdAt": "2026-02-18T10:30:00Z"
  },
  {
    "id": "4eb85f75-6828-5473-ca09-0eee47f5c121",
    "userId": "8d9c4g32-5e03-5b9f-af4b-2f7d6c0e1b3c",
    "userName": "Jane Smith",
    "userEmail": "[email protected]",
    "ipv4Address": "198.51.100.89",
    "ipv6Address": null,
    "status": "ACTIVE",
    "startedAt": "2026-02-18T09:15:00Z",
    "expiresAt": "2026-02-18T11:15:00Z",
    "endedAt": null,
    "endedReason": null,
    "resourceIps": [
      {
        "id": "0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d",
        "resourceId": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
        "resourceName": "Staging API SG",
        "ipVersion": 4,
        "ipAddress": "198.51.100.89",
        "status": "APPLIED",
        "providerRuleId": "sgr-bcdef0123456789ab",
        "appliedAt": "2026-02-18T09:15:12Z",
        "removedAt": null,
        "errorMessage": null
      }
    ],
    "createdAt": "2026-02-18T09:15:00Z"
  },
  {
    "id": "5fc96g86-7939-6584-db1a-1fff58g6d232",
    "userId": "9e0d5h43-6f14-6ca0-bg5c-3g8e7d1f2c4d",
    "userName": "Bob Wilson",
    "userEmail": "[email protected]",
    "ipv4Address": "192.0.2.150",
    "ipv6Address": null,
    "status": "EXPIRED",
    "startedAt": "2026-02-17T16:00:00Z",
    "expiresAt": "2026-02-17T18:00:00Z",
    "endedAt": "2026-02-17T18:00:05Z",
    "endedReason": "EXPIRED",
    "resourceIps": [
      {
        "id": "1b2c3d4e-5f6a-7b8c-9d0e-1f2a3b4c5d6e",
        "resourceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
        "resourceName": "Production Database SG",
        "ipVersion": 4,
        "ipAddress": "192.0.2.150",
        "status": "REMOVED",
        "providerRuleId": "sgr-cdef0123456789abc",
        "appliedAt": "2026-02-17T16:00:08Z",
        "removedAt": "2026-02-17T18:00:05Z",
        "errorMessage": null
      }
    ],
    "createdAt": "2026-02-17T16:00:00Z"
  }
]
Use Cases
- Monitor all active sessions across the organization
- Security auditing and compliance reporting
- Identify unusual access patterns (unexpected IPs, times, resources)
- Generate reports on resource usage
- Dashboard showing current active users and their IPs
- Investigate security incidents
- Verify that sessions are being properly cleaned up
Filtering in Client Applications
The API returns all sessions. Client applications should implement filtering by:
- Session status (active, expired, cancelled)
- User name or email
- Resource name
- IP address
- Date range
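The client-side filtering listed above, together with a check for the "sessions are being properly cleaned up" use case, as an added example (not EntryGuard's own code). It assumes the response body is already parsed into Python dicts; the helper names, the constructed sample data, the `sgr-EXAMPLE` rule id, and the reading that an ended session's rules should be `REMOVED` are assumptions.

```python
from datetime import datetime, timezone

def ts(value):
    """Parse the API's ISO-8601 'Z' timestamps; null stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def filter_sessions(sessions, status=None, user=None, resource=None, ip=None,
                    since=None, until=None):
    """Client-side filter on the criteria listed above; None means 'any'."""
    def keep(s):
        rules = s["resourceIps"]
        ips = {s["ipv4Address"], s["ipv6Address"]} | {r["ipAddress"] for r in rules}
        who = f'{s["userName"]} {s["userEmail"]}'.lower()
        return ((status is None or s["status"] == status)
                and (user is None or user.lower() in who)
                and (resource is None or any(resource.lower() in r["resourceName"].lower() for r in rules))
                and (ip is None or ip in ips)
                and (since is None or ts(s["startedAt"]) >= since)
                and (until is None or ts(s["startedAt"]) <= until))
    return [s for s in sessions if keep(s)]

def cleanup_findings(sessions, now):
    """Flag sessions whose IP rules may outlive them (field semantics assumed)."""
    findings = []
    for s in sessions:
        if s["status"] == "ACTIVE" and ts(s["expiresAt"]) < now:
            findings.append((s["id"], "ACTIVE past expiresAt"))
        for r in s["resourceIps"]:
            if s["endedAt"] and (r["status"] != "REMOVED" or not r["removedAt"]):
                findings.append((s["id"], f'ended, rule {r["providerRuleId"]} is {r["status"]}'))
    return findings

def rule(name, ip, status, removed=None):  # constructed sample helper
    return {"resourceName": name, "ipAddress": ip, "status": status,
            "providerRuleId": "sgr-EXAMPLE", "removedAt": removed, "errorMessage": None}

def sess(sid, name, ip, status, start, exp, end, rules):  # constructed sample helper
    return {"id": sid, "userName": name, "userEmail": f"{name}@example.com",
            "ipv4Address": ip, "ipv6Address": None, "status": status,
            "startedAt": start, "expiresAt": exp, "endedAt": end, "resourceIps": rules}

# Constructed sample data (not real API output): s2 ended but its rule is still APPLIED.
SAMPLE = [
    sess("s1", "alice", "203.0.113.42", "ACTIVE", "2026-02-18T10:30:00Z", "2026-02-18T12:30:00Z",
         None, [rule("Production Database SG", "203.0.113.42", "APPLIED")]),
    sess("s2", "bob", "192.0.2.150", "EXPIRED", "2026-02-17T16:00:00Z", "2026-02-17T18:00:00Z",
         "2026-02-17T18:00:05Z", [rule("Production Database SG", "192.0.2.150", "APPLIED")]),
]
```

Pass a timezone-aware `now`, `since` and `until`, since the parsed timestamps are UTC-aware and cannot be compared with naive datetimes.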
Related Endpoints
- POST /sessions/admin/{id}/stop - Stop any user's session
- GET /audit-logs - View detailed audit trail of session events