The authentication source must have sessions enabled. If it doesn’t, there isn’t anything to revoke, but your users will be asked to authenticate every time they use that authentication source. You can enable sessions for all sources or for specific sources only. For more information, see Configuring authentication sessions.