Sessions Overview

What is a Session?

A session in EntryGuard is a time-bound authorization that temporarily whitelists your IP address across all cloud resources you have access to. When you start a session, EntryGuard automatically adds your IP address to the ingress rules of every cloud resource assigned to you through your roles, and removes it when the session expires.

Key Concepts

Automatic IP Whitelisting

When you click Start Session, EntryGuard:

  • Detects your current IPv4 and/or IPv6 address
  • Applies ingress rules to all cloud resources accessible through your assigned roles
  • Tracks each IP rule application individually
  • Automatically revokes all rules when the session expires

Session Duration

You choose a duration when starting a session. Available options depend on your subscription tier:

  • Free tier: Up to 4 hours (1h, 2h, 4h)
  • Paid tiers: Up to 24 hours (1h, 2h, 4h, 8h, 12h, 16h, 24h)

The maximum duration may also be limited by your role's maxSessionDurationHours setting. The most restrictive limit always applies.

Multiple Active Sessions

You can have multiple active sessions at the same time. The number of concurrent sessions per user depends on your subscription tier:

  • Free: 1 concurrent session per user
  • Starter: Up to 3 concurrent sessions per user
  • Team / Business: Unlimited concurrent sessions

Multiple sessions are useful when:

  • You're working from different networks (home, office, mobile)
  • You need different durations for different work periods
  • You want to maintain access while switching networks

EntryGuard tracks each session independently and uses reference counting to ensure IP rules are only removed when all sessions using them have ended.
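The reference counting described above can be modeled as follows. This is an added example, not EntryGuard's own code: the class, method names, resource IDs and the one-rule-per-(resource, single-host CIDR) layout are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

class RuleRefCounter:
    """Hypothetical model: one ingress rule per (resource, CIDR), shared by sessions."""

    def __init__(self):
        self.refs = Counter()  # (resource_id, cidr) -> live sessions holding the rule
        self.sessions = {}     # session_id -> set of (resource_id, cidr)

    @staticmethod
    def host_cidr(ip):
        # Normalize to a single-host CIDR: /32 for IPv4, /128 for IPv6.
        addr = ipaddress.ip_address(ip)
        return f"{addr.compressed}/{addr.max_prefixlen}"

    def start_session(self, session_id, ip, resource_ids):
        """Register a session; return only the rules that must be newly added."""
        if session_id in self.sessions:
            raise ValueError(f"session {session_id} is already active")
        cidr = self.host_cidr(ip)
        rules = {(rid, cidr) for rid in resource_ids}
        to_add = sorted(r for r in rules if self.refs[r] == 0)
        for r in rules:
            self.refs[r] += 1
        self.sessions[session_id] = rules
        return to_add

    def end_session(self, session_id):
        """Expire or cancel a session; return only the rules that must be revoked."""
        rules = self.sessions.pop(session_id, set())  # ending twice is a no-op
        to_revoke = []
        for r in sorted(rules):
            self.refs[r] -= 1
            if self.refs[r] == 0:  # last session holding this rule has ended
                del self.refs[r]
                to_revoke.append(r)
        return to_revoke

def demo():
    # Constructed sample: two office sessions of different length, one from home.
    t = RuleRefCounter()
    t.start_session("s1", "203.0.113.10", ["sg-web", "sg-db"])
    t.start_session("s2", "203.0.113.10", ["sg-web", "sg-db"])
    t.start_session("s3", "2001:db8::1", ["sg-web"])
    early = t.end_session("s1")  # [] because s2 still holds the office rules
    late = t.end_session("s2")   # both office rules are revoked now
    return early, late, dict(t.refs)
```

Ending the shorter office session revokes nothing, because the longer one still references the same rules. The home IPv6 rule is tracked separately and is unaffected by either office session.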

Session States

Sessions are shown with colored status badges in the UI:

  • PENDING (blue) — IP rules are being applied
  • ACTIVE (green) — All IP rules applied, you have access
  • PARTIAL (orange) — Some IP rules applied, others failed
  • FAILED (red) — No IP rules could be applied
  • EXPIRING (yellow) — Session expired, rules being removed
  • EXPIRED (gray) — Session ended, all rules removed
  • CANCELLED (gray) — Session manually stopped

See Session Lifecycle for detailed information about state transitions.

Resource Scope

Sessions apply to:

  • Role-assigned resources — All cloud resources assigned to your roles
  • Direct user assignments — Any cloud resources assigned directly to your user account

If you have access to resources through multiple roles, a session will whitelist your IP on all of them.

Security Considerations

  • Sessions automatically expire — no manual cleanup required
  • IP addresses are detected server-side to prevent spoofing
  • Failed rule applications are logged in the audit trail
  • Reference counting prevents premature rule removal when multiple sessions exist

API Reference: For programmatic access, see Start Session.