---
title: Configuring tracking options for logout
description: You can configure PingFederate to track adapter sessions for logout.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:pf_config_tracking_options_for_logout
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_config_tracking_options_for_logout.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
  related-links: Related links
---

# Configuring tracking options for logout

You can configure PingFederate to track adapter sessions for logout.

## About this task

An adapter session is a logout entry that, if tracked, ensures a logout request is sent to the adapter during single logout (SLO) *(tooltip: \<div class="paragraph">
\<p>The process of signing a user out of multiple sites where the user has started a SSO session.\</p>
\</div>)*. Then the adapter can remove any session data that it is tracking for the user.

## Steps

1. Go to **Authentication > Policies > Sessions**.

2. (Optional) Enable SLO for all adapter instances on a per-user basis by selecting the **Track Adapter Sessions for Logout** checkbox.

   When this checkbox is selected, an adapter session is tracked whenever an adapter is invoked during single sign-on (SSO) *(tooltip: \<div class="paragraph">
   \<p>The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.\</p>
   \</div>)*. When this checkbox is cleared, the tracking of the adapter session depends on other factors, such as whether SLO is enabled on the partner connection involved in the SSO. This checkbox is cleared by default.

   |   |                                                                                                                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | This option is the simplest way to guarantee the cleanup of adapter sessions, but it does increase runtime memory usage. If you leave this box cleared, adapter sessions could persist after SLO. |

3. (Optional) Add the associated sessions to the revocation list on logout by selecting the **Track Revoked Sessions on Logout** checkbox.

   When selected, PingFederate always adds the associated sessions to the session revocation list as users sign off, even if an error occurs to the logout requests. This allows other systems, such as PingAccess, to query the validity of a given session at the Session Revocation API endpoint, `/pf-ws/rest/sessionMgmt/revokedSris`. This checkbox is selected by default for new installations.

   |   |                                                                                                                                                                                                                                                                                                                                                                                                            |
   | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | If your use cases involve OAuth requests, consider enabling the **Check session revocation status** option in the applicable Access Token Management instances so that the token validation process takes into account whether a session has been added to the revocation list. Learn more in [Managing session validation settings](help_beareraccesstokenmgmtplugintasklet_sessionvalidationstate.html). |

4. (Optional) Change the number of minutes until the revoked sessions are removed from the revocation list for optimal performance by changing the value in the **Session Revocation Lifetime** field. You can enter an integer between 1 and 43200. The default value is 490 minutes.

   |   |                                                                                                                                                                                                                                                                                                                                                                |
   | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | The **Session Revocation Lifetime** value should match or exceed the idle timeout value, or the maximum session lifetime value, of the authentication sources and the relying parties. For example, the default value of 490 minutes exceeds the global **Max Timeout** value for authentication sessions by 10 minutes to allow for clock skew among servers. |

5. Click **Save**.

## Related links

* [OAuth client session management](pf_oauth_client_sess_management.html)