When logging in through SSO, how do I check if a user is already enrolled before allowing them access again?
Using the Backend API, specifically Managing App Users and Sessions, you can identify a
user's sessions. Each session object that is returned has a
state associated. If the
state is "ENROLLED" then you know that the user is already enrolled via a separate session.
If you want to limit users to a single session, you can also turn off the "Multiple devices/sessions per user" feature flag within the App Settings.