# Block Multiple Login

## Summary

When the Block Multiple Login feature is enabled, the system checks whether a user is already logged in on another device before allowing them to complete the login process. This check is performed after IdP login is complete and before secondary authentication training.

The system sends a request to the configured endpoint with the user's device ID and user ID to determine if they are currently logged in elsewhere. Based on the response and configuration settings, the user may be blocked from logging in, or allowed to proceed based on bypass settings.

If the endpoint returns that the user is already logged in elsewhere, the system displays an alert dialog informing the user that multiple device logins are not allowed. When a network error occurs during the check, the user's options depend on the `bypassOnNetworkFailure` configuration setting.

#### Login Blocking Scenarios

**User Already Logged In**:

* If `bypassOnNetworkFailure` is `false`: Display alert with CLOSE button only. Closing the dialog cancels login and the user returns to Launcher with an `authBlocked` app event.
* If `bypassOnNetworkFailure` is `true`: Display alert with CLOSE and OVERRIDE buttons. CLOSE cancels login with `authBlocked` event. OVERRIDE continues login with `authBlockOverride` event.

**Network Error**:

* If `bypassOnNetworkFailure` is `false`: Display alert with CLOSE button only. Login is cancelled and user returns to Launcher.
* If `bypassOnNetworkFailure` is `true`: Display alert with CLOSE and OVERRIDE buttons. User can either cancel or override the network error to continue.

**User Not Logged In**:

* Login proceeds normally through secondary authentication training.

#### Alert Dialog

The error alert dialog displays the following information:

**Title**: Login Blocked

**Message**: You are logged in on another device, multiple device logins are not allowed. If you believe this is an error, please notify Help Desk.

<figure><img src="/files/JaJ18BervWESFSvTgnvY" alt="Login Blocked Dialog" width="375"><figcaption><p>Sample preview for Login Blocked dialog</p></figcaption></figure>

#### Configuration

The following key-value pairs can be set within the `appConfig.bfAuth` object of the Launcher configuration JSON file.

| Key                      | Type    | Description                                                                                                                                         |
| ------------------------ | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| `enable`                 | Boolean | Enables or disables the Block Multiple Login feature. Default is `false`.                                                                           |
| `checkLoginAllowUrl`     | String  | The URL of the endpoint to check if the user is allowed to login (e.g., `https://data-service.example.com/playbook/apiv1/device/check-user-login`). |
| `bypassOnNetworkFailure` | Boolean | When `true`, allows users to override network errors during the login check. When `false`, network errors block login. Default is `false`.          |

#### Example Configuration

```json
{
  "appConfig": {
    "bfAuth": {
      "blockMultipleLogin": {
        "enable": true,
        "checkLoginAllowUrl": "https://data-service.example.com/playbook/apiv1/device/check-user-login",
        "bypassOnNetworkFailure": false,
        ...
      }
    }
  }
}
```

#### App Events

The following app events are generated during the login blocking process:

* **authBlocked**: Fired when login is blocked due to user already logged in elsewhere or network error (and user chooses CLOSE). Event details include `{ userId: 'xxxx' }`.
* **authBlockOverride**: Fired when user chooses to override a network error and continue with login. Event details include `{ userId: 'xxxx' }`.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluefletch.com/bluefletch-enterprise/product-guides/authentication-and-sso/features/block-multiple-login.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.